[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : e-cart.biz Shopping Cart Arbitrary File Upload Vulnerability
# Published : 2009-04-17
# Author : ahmadbady
# Previous Title : ClanTiger <= 1.1.1 (slug) Blind SQL Injection Exploit
# Next Title : Online Guestbook Pro (display) Blind SQL Injection Vulnerability


=-=-Remote Arbitrary File Upload-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script::e-cart Shopping Carts
-------------------------------------------------
Author: ahmadbady

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://www.e-cart.biz/e-cart_Free.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
upload:
/path/admin/editor/image.php --> upload shell.php

shell.php ---> /path/images/upload/shell.php

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=--=-=-=-=-=-=-

dork:
"Powered by e-cart.biz Shopping Carts & Storefronts"
"Powered by e-cart.biz Shopping Carts"

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=

# www.Syue.com [2009-04-17]