ProfitCode Software PayProCart Directory Traversal Vulnerability - exploit.company
Vendor: PayProCart
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 22 (Directory Traversal)
Product Name: PayProCart
Affected Version From: 3
Affected Version To: 3
Patch Exists: YES
Related CWE: N/A
CPE: a:profitcode:payprocart
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2005

ProfitCode Software PayProCart Directory Traversal Vulnerability

PayProCart may allow a remote attacker to carry out directory traversal attacks. It is reported that this issue can be exploited by issuing a specially crafted HTTP GET request that supplies directory traversal sequences followed by a target file name through an affected parameter. Reportedly, the attacker can gain access to files owned by the administrator and obtain administrative access to the application by reaching the administrative panel without providing authentication credentials.

Mitigation:

Ensure that user-supplied input is validated and filtered before being used in file system operations.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13006/info

ProfitCode Software PayProCart may allow a remote attacker to carry out directory traversal attacks.

It is reported that this issue can be exploited by issuing a specially crafted HTTP GET request and supplying directory traversal sequences followed by a target file name through an affected parameter.

Reportedly, the attacker can gain access to files owned by the administrator and gain administrative access to the application by accessing the administrative panel. The attacker is able to gain access to the administrative panel without providing authentication credentials.

PayProCart version 3.0 is affected by this issue. Other versions may be affected as well.

http://www.example.com/adminshop/index.php?proMod=index&ftoedit=..%2fshopincs%2fmaintopENG
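The mitigation above and the request shown in the raw advisory data come down to the same check. The following Python is an added example, not PayProCart's code and not part of the SecurityFocus or Exploit-DB record: `safe_resolve` performs the validation the mitigation calls for (resolve the user-supplied file name against an allowed directory and refuse anything that escapes it), and `flag_traversal_requests` shows the matching detection over web-server access-log lines. The directory `/var/www/adminshop/templates`, both function names and the log lines are assumptions constructed for this example; the second log line reuses the request shape from the advisory and the third is the same value double-encoded.

```python
import os
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical directory the ftoedit parameter is meant to select files from.
# The path and layout are assumptions for this example, not PayProCart's real tree.
ALLOWED_DIR = "/var/www/adminshop/templates"


def safe_resolve(base_dir: str, user_value: str) -> Optional[str]:
    """Return the absolute path of user_value inside base_dir, or None if it escapes.

    The value is percent-decoded twice so that a doubly encoded '..%252f' is judged
    after full decoding, joined to base_dir, normalised with abspath (which collapses
    '..' segments), and accepted only if the result still lies under base_dir. On a
    live system pass base_dir through os.path.realpath first so symlinks count too.
    """
    decoded = unquote(unquote(user_value))
    if "\x00" in decoded:  # NUL bytes can truncate paths in C-backed file APIs
        return None
    base = os.path.abspath(base_dir)
    # os.path.join discards base when decoded is absolute, so '/etc/passwd' fails the check too
    candidate = os.path.abspath(os.path.join(base, decoded))
    # The trailing separator keeps '/templates-evil' from matching '/templates'
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


# A '..' path segment delimited by a slash (either direction) or the string boundary
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def flag_traversal_requests(
    log_lines: List[str], params: Tuple[str, ...] = ("ftoedit",)
) -> List[Tuple[int, str, str]]:
    """Return (line_number, parameter, decoded_value) for every request whose
    watched query parameters contain a '..' segment after decoding."""
    findings = []
    for lineno, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs percent-decodes once; the extra unquote catches double encoding
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name not in params:
                continue
            for value in values:
                decoded = unquote(value)
                if TRAVERSAL_RE.search(decoded):
                    findings.append((lineno, name, decoded))
    return findings


# Constructed access-log lines in Apache combined format (not captured from a real host).
LOG_LINES = [
    '198.51.100.10 - - [01/Jan/2005:10:00:00 +0000] "GET /adminshop/index.php?proMod=index&ftoedit=maintopENG HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Jan/2005:10:00:07 +0000] "GET /adminshop/index.php?proMod=index&ftoedit=..%2fshopincs%2fmaintopENG HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Jan/2005:10:00:09 +0000] "GET /adminshop/index.php?proMod=index&ftoedit=..%252fshopincs%252fmaintopENG HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for value in ("maintopENG", "..%2fshopincs%2fmaintopENG", "/etc/passwd"):
        print(f"{value!r:36} -> {safe_resolve(ALLOWED_DIR, value)}")
    for lineno, name, decoded in flag_traversal_requests(LOG_LINES):
        print(f"line {lineno}: {name}={decoded!r} contains a traversal segment")
```

Run as a script it prints the resolution result for a benign name, the advisory's traversal value and an absolute path, then lists the two log lines whose `ftoedit` value contains a `..` segment. The detection is keyed on the parameter names passed in `params`, so the same function covers any other file-selecting parameter an application exposes; the validation deliberately decodes twice and normalises before comparing, because a filter that only looks for the literal string `../` in the raw query is bypassed by the encoded forms shown in the log lines.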