# Exploit Title: Interspire Shopping Cart Full Path Disclosure # Date: 13-12-2009 # Author: Mr.aFiR # Software Link: http://www.interspire.com/ # Version: N/A # Tested on: GNU/LINUX # CVE : N/A # Code : N/A ##################################################################### ##################################################################### ## _______ ____ ## ## __ ___ / _____ \ / __ \ ## ## / \ _ _ ___ | |___ |/ | | ) ) ## ## | Y Y \| V_\ / _ Y| __ |(_)| |_/ / [A] ## ## |__|__|__ \ | ()| (_] | | \|| || __ \ ## ## \/_/ \___ | | | || | ) | ## ## \|/ |_/|_/ |/ ## ## ## ##################################################################### ## Interspire Shopping Cart Full Path Disclosure ## ## [Full Path Disclosure] ## ## Created By Mr.aFiR (Moroccan Hacker) ## ## Email: q-_@hotmail.com ## ## Website: www.aFiR.me ## ## (c) -- 13/12/2oo9 ## ##################################################################### ## * What's it ? ## ## ----------------- ## ## ~ This is a shopping cart script; sometimes we find ourselves on a ## ## server where a shopping cart script like this is installed. ## ## And we don't know the directory of the affected website (ISC) ## ## and we can't find it by using our uploaded shell. ## ## This vulnerability reveals the directory of the website ## ## (sometimes including the system username). ## ## ~ Affected File : [xml.php] ## ## // Get the XML request data ## ## if(isset($_REQUEST["xml"])) { ## ## $request = $_REQUEST["xml"]; ## ## } ## ## else { ## ## $request = file_get_contents('php://input'); ## ## } ## ## ## ## // Instantiate the API which also takes care of validation ## ## $api = new API($request); ## ## ## ## // Run the request ## ## $api->RunRequest(); ## ## ## ## ~ When we visit "xml.php" without the "?xml=*" request parameter, ## ## the request is handled without any error. ## ## But if we send a request with "?xml=*", ## ## that will cause a PHP error. 
Error location : ## ## [includes/classes/class.api.php] on line 91: ## ## // Store a refernece to the XML object ## ## $this->_xml = new SimpleXMLElement($this->_request); ## ## ~ This is only a Full Path Disclosure vulnerability! The path is exposed only when PHP is configured to display errors to the client (display_errors on); with it off, the message goes to the server log instead. ## ## ------------------------------------------------------------ ## ## Thanks & Greatz To All My Friends (Dr.Crypter, Love511, ## ## Dr.BoB-Hacker, Mr.LASSiSSi, ...) & All Muslim HaCkerz. ## ##################################################################### ## ~ GreatZ To : > Dr.Crypter - Dr.BoB-Hacker - Love511 & All ... ## ## ~ Contact : > q-_[at]Hotmail[dot]com - www[dot]aFiR[dot]me ## ## I Love You **** ## ##################################################################### © aFiR.Me - 0nly F0r Security 2009 | By Mr.aFiR