MidiCart PHP,ASP Shell Upload Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MidiCart PHP,ASP Shell Upload Vulnerability
# Published : 2010-05-17
# Author : DigitALL
# Previous Title : PHP-Fusion v4.01 SQL Injection Vulnerability
# Next Title : MyNews v1.0 CMS - Sql Injection, local file inclusion and XSS Vulnerabilities

# Exploit Title: MidiCart PHP,ASP Shell Upload Vulnerability

# Date: 17.05.2010

# Author: DigitALL

# Software Link:
http://download.cnet.com/MidiCart-PHP-Shopping-Cart/3000-2649_4-10064577.html

# Version: All Version

# Tested on: DigitALL Xp Version x1

# Code :

[dork] : inurl:"order_money.php" or inurl:"order_money.asp" or "MidiCart PHP
Database Management"

[exploit] : Go To /admin/ &#304;f No Password(%80 No Password) Go To /add.php
Your Shell Upload.Shell Go To /images/shell.php

[other] : No Upload Shell Edited Categories Or Add Categories Hacked for
Script Kiddies :)

[thanks] : Efe KroNicKq NoFearx38 and All 1923Turk.com Members

[site] ://  www.1923turk.com // www.digitallsecurity.org //
digit4ll.blogspot.com // www.hacker-zone.org // www.kankardes.com //