Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15337
HistoryDec 08, 2006 - 12:00 a.m.

Midicart vulerable

2006-12-0800:00:00
vulners.com
14
JSON

lintah_|adv|_15@2006>=========<[MidiCart]<===>[php b/d]

/___________________________________________________________________
_________________________________ / /
ooo000-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-
~-~-~-~-~-~-~-~-~-~-~-~-~-~000ooo/ /
/
\ \
\ Indonesian Cyber-Terrorist [
Grey Hats ] / /
\
/ /
\ iFX a.k.a inversFX
/ /
| ifx@…
| |
/
\ \
/ _________
\ \
| _____________
| |
! _____________________________
! |
:_______________________________.
_______________________________:/
| | |
| | |
locate : Indonesia, Jakarta | | |
-------------------------------- | | |
date :06/12/2006 | | |
-------------------------------- | | |
title : | | |
remote command execution through | | |
arbitary local inclusion & vuln | | |
of javascript | | |
-------------------------------- | |/\
Developer : www.MidiCart.com / \ \
-------------------------------- / \/\
Victims : Commercial use /-----------------------------\\
-------------------------------- |-----------------------------|/
\---------------------------/

PoC :
A. BYpass upload

when you open admin page, and you see `new item`
with uplod the image and i try uplod another ( u can guess
it ;P )
then gotcha!!, you got it :)

  1. open :
    http://<path>/admin/add.php
  2. access your file, ex ; your file is cucut.php then :
    http://<path>/images/cucut.php
  3. have fun :)

patch :

  • use permission in that(images) folder to write –> drwxrwxr-
    x

dork :
think it :)

B. Shopping cheap :D

1.st choose what is you want to order
2.then you can go to viewcart
3.on 'Qty', fill minus [-] value on 'Qty' field, which make
it cheaper
example :
Qty Item No. Item Price USD
Total
1 6001 128MB PC2100 DDR 22.99
22.99
-1 5001 Sony 52x CDROM 12.99
0.0-1298
Product Total USD
9.100

4.all right here we go

patch :
add script which not allowed 'minus' into the variable.

origin :
http://cupu.us/adv/15-iFX-2006-adv-midicart-phpbackdoor.txt

iFX Said, and greet :
================================================>
Lintah [ team of destroyer fucking school ] :

iFX aka inversFX
BJ aka Blue_Jaccker
Sin~X aka Sin_Cross
Xpl aka Xploid
gM aka G4mm4
S3 aka Sock-3d
BRO aka BiG_ReD_OnE
fZ aka FrezZe
cTZ aka CuruTZ

k1tk4t solpot
matdhule Fungky
slacky Cow_1iseng
NpR thama
lapet setiawan
theSnowbrain Soey
y3d1ps Lirva32
K-159 Comex
Bithedz anomaly
tr0n: bitch(LOL) Cyb3rh3b
Cybertank Ceyen
netcom h34rt_br34ker
x-ace x16
slackX til
Silverant LasT COffin
[mR]opt1lc BeWab
Bluespy Val
NoGe ghoz
kukasih OvErDoNgO
PremanMedan sakitjiwa
t1g3r ^^Nakutta
king_purba Mr_orche
Sefirosu drygol@h4cky0u

etc…
@DALnet

#phreakcuy
#nyubicrew @ALLINDO
#hitamputih@allindo
#e-c-h-o
#aikmel
#asiahacker
#newhack[dot]org
#h4cky0u
#groot
#javahack
#raptor
#soey
#semprol
#yogyafree
#daboxs
#jasakom

JSON