# Exploit Title: Interspire Shopping Cart Full Path Disclosure
# Date: 13-12-2009
# Author: Mr.aFiR
# Software Link: http://www.interspire.com/
# Version: N/A
# Tested on: GNU/LINUX
# CVE : N/A
# Code : N/A
#####################################################################
#####################################################################
## _______ ____ ##
## __ ___ / _____ \ / __ \ ##
## / \ _ _ ___ | |___ |/ | | ) ) ##
## | Y Y \| V_\ / _ Y| __ |(_)| |_/ / [A] ##
## |__|__|__ \ | ()| (_] | | \|| || __ \ ##
## \/_/ \___ | | | || | ) | ##
## \|/ |_/|_/ |/ ##
## ##
#####################################################################
## Interspire Shopping Cart Full Path Disclosure ##
## [Full Path Disclosure] ##
## Created By Mr.aFiR (Moroccan Hacker) ##
## Email: q-_@hotmail.com ##
## Website: www.aFiR.me ##
## (c) -- 13/12/2oo9 ##
#####################################################################
## * What's it ? ##
## ----------------- ##
## ~ This is a shopping cart script. Sometimes we find ourselves ##
## on a server running a shopping cart script like this one, ##
## and we don't know the directory of the infected website (ISC) ##
## and can't find it using our uploaded shell. ##
## This vulnerability shows you the directory of the website ##
## (sometimes with the username on the system). ##
## ~ Infected File : [xml.php] ##
## // Get the XML request data ##
## if(isset($_REQUEST["xml"])) { ##
## $request = $_REQUEST["xml"]; ##
## } ##
## else { ##
## $request = file_get_contents('php://input'); ##
## } ##
## ##
## // Instantiate the API which also takes care of validation ##
## $api = new API($request); ##
## ##
## // Run the request ##
## $api->RunRequest(); ##
## ##
## ~ When we visit "xml.php" without the "?xml=*" parameter, ##
## the request completes without any error. ##
## But if we send a request with "?xml=*", ##
## it causes a PHP error. Error location : ##
## [includes/classes/class.api.php] on line 91: ##
## // Store a reference to the XML object ##
## $this->_xml = new SimpleXMLElement($this->_request); ##
## ~ This is Only a Full Path Disclosure Vulnerability ! ##
## ------------------------------------------------------------ ##
## Thanks & Greatz To: All My Friends (Dr.Crypter, Love511, ##
## Dr.BoB-Hacker, Mr.LASSiSSi, ...) & All Muslim HaCkerz. ##
#####################################################################
## ~ GreatZ To : > Dr.Crypter - Dr.BoB-Hacker - Love511 & All ... ##
## ~ Contact : > q-_[at]Hotmail[dot]com - www[dot]aFiR[dot]me ##
## I Love You **** ##
#####################################################################

© aFiR.Me - 0nly F0r Security 2009 | By Mr.aFiR
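The root cause above is an uncaught exception from `new SimpleXMLElement()` on malformed input, which PHP turns into an error page that includes the script path when `display_errors` is on. The following is an added example, not Interspire's code, showing the same request-handling pattern from xml.php with the parse failure caught and a generic 400 returned instead; `API`, `RunRequest()` and the `xml` parameter are taken from the advisory, the helper `parseXmlRequest()` is assumed.

```php
<?php
// Added example (not the vendor's code): the xml.php pattern from the advisory,
// hardened so a malformed "xml" request cannot produce a path-revealing PHP error.

// Never print PHP errors (and with them file paths) into the HTTP response in
// production; send them to the error log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Hypothetical helper: parse untrusted XML, returning null instead of throwing.
function parseXmlRequest(string $request): ?SimpleXMLElement
{
    // Collect libxml errors internally instead of emitting PHP warnings.
    $previous = libxml_use_internal_errors(true);
    try {
        $xml = new SimpleXMLElement($request);
    } catch (Exception $e) {
        // Keep the detail server-side; the client only ever sees a generic message.
        error_log('xml.php: rejected malformed XML request: ' . $e->getMessage());
        $xml = null;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
    return $xml;
}

// Get the XML request data (same source selection as the original handler).
$request = isset($_REQUEST['xml'])
    ? (string) $_REQUEST['xml']
    : (string) file_get_contents('php://input');

// An empty body or unparseable XML (e.g. "?xml=*") is answered with a plain
// 400 rather than letting the constructor's exception reach PHP's error handler.
if ($request === '' || parseXmlRequest($request) === null) {
    http_response_code(400);
    header('Content-Type: text/plain');
    echo "Invalid XML request.\n";
    exit;
}

// Hand the already-validated request to the API as before.
$api = new API($request);
$api->RunRequest();
```

To confirm the fix is effective, request `xml.php?xml=*` and verify the response is the plain 400 body with no `Fatal error` / `Uncaught exception` text and no filesystem path, while the error log does record the rejection.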