MidiCart PHP,ASP Shell Upload Vulnerability

vendor:

MidiCart PHP Shopping Cart

by:

DigitALL

8,8

CVSS

HIGH

Shell Upload Vulnerability

264

CWE

Product Name: MidiCart PHP Shopping Cart

Affected Version From: All Version

Affected Version To: All Version

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: DigitALL Xp Version x1

2010

MidiCart PHP,ASP Shell Upload Vulnerability

Go To /admin/ İf No Password(%80 No Password) Go To /add.php Your Shell Upload.Shell Go To /images/shell.php

Mitigation:

Ensure that the application is configured to use a secure password for the admin panel and also ensure that the application is configured to use a secure file upload mechanism.

Source

Exploit-DB raw data:

# Exploit Title: MidiCart PHP,ASP Shell Upload Vulnerability

# Date: 17.05.2010

# Author: DigitALL

# Software Link:
http://download.cnet.com/MidiCart-PHP-Shopping-Cart/3000-2649_4-10064577.html

# Version: All Version

# Tested on: DigitALL Xp Version x1

# Code :

[dork] : inurl:"order_money.php" or inurl:"order_money.asp" or "MidiCart PHP
Database Management"

[exploit] : Go To /admin/ &#304;f No Password(%80 No Password) Go To /add.php
Your Shell Upload.Shell Go To /images/shell.php

[other] : No Upload Shell Edited Categories Or Add Categories Hacked for
Script Kiddies :)

[thanks] : Efe KroNicKq NoFearx38 and All 1923Turk.com Members

[site] ://  www.1923turk.com // www.digitallsecurity.org //
digit4ll.blogspot.com // www.hacker-zone.org // www.kankardes.com //