Interspire Shopping Cart - Full Path Disclosure

EDB-ID: 10404
CVE: N/A
Author: Mr.aFiR
Type: webapps
Platform: PHP
Date: 2009-12-13


# Exploit Title: Interspire Shopping Cart Full Path Disclosure
# Date: 13-12-2009
# Author: Mr.aFiR
# Software Link: http://www.interspire.com/
# Version: N/A
# Tested on: GNU/LINUX
# CVE : N/A
# Code : N/A
#####################################################################

#####################################################################
##                                _______   ____                   ##
##          __ ___               / _____ \ /  __ \                 ##
##         /      \  _ _     ___ | |___ |/ | |  ) )                ##
##        |  Y  Y  \| V_\   / _ Y|  __ |(_)| |_/ /      [A]        ##
##        |__|__|__ \ |  ()| (_] | |  \|| ||  __ \                 ##
##                 \/_/     \___ | |    | || |  ) |                ##
##                              \|/     |_/|_/  |/                 ##
##                                                                 ##
#####################################################################
##          Interspire Shopping Cart Full Path Disclosure          ##
##                     [Full Path Disclosure]                      ##
##              Created By Mr.aFiR (Moroccan Hacker)               ##
##                    Email: q-_@hotmail.com                       ##
##                     Website: www.aFiR.me                        ##
##                      (c) -- 13/12/2oo9                          ##
#####################################################################
##                        * What's it ?                            ##
##                      -----------------                          ##
## ~  This is a shopping cart script. Sometimes we land on a       ##
##    server that runs a shopping cart like this one, and we do    ##
##    not know the directory of the affected website (ISC), and    ##
##    cannot locate it from our uploaded shell.                    ##
##    This vulnerability reveals the directory of the website      ##
##    (sometimes including the system username).                   ##
## ~ Affected file : [xml.php]                                     ##
##   // Get the XML request data                                   ##
##   if(isset($_REQUEST["xml"])) {                                 ##
##       $request = $_REQUEST["xml"];                              ##
##   }                                                             ##
##   else {                                                        ##
##       $request = file_get_contents('php://input');              ##
##   }                                                             ##
##                                                                 ##
##   // Instantiate the API which also takes care of validation    ##
##   $api = new API($request);                                     ##
##                                                                 ##
##   // Run the request                                            ##
##   $api->RunRequest();                                           ##
##                                                                 ##
## ~ When we visit "xml.php" without the "?xml=*" parameter,       ##
##   the request completes without any error.                      ##
##   But if we send a request with "?xml=*", the value is not      ##
##   valid XML, so SimpleXMLElement throws an uncaught exception   ##
##   and PHP reports it with the file's full path when the         ##
##   server displays errors. Error location:                       ##
##   [includes/classes/class.api.php] on line 91:                  ##
##      // Store a refernece to the XML object                     ##
##       $this->_xml = new SimpleXMLElement($this->_request);      ##
## ~ This is only a Full Path Disclosure vulnerability!            ##
##  ------------------------------------------------------------   ##
##      Thanks & Greatz To: All My Friends (Dr.Crypter, Love511,   ##
##       Dr.BoB-Hacker, Mr.LASSiSSi, ...) & All Muslim HaCkerz.    ##
#####################################################################
## ~ GreatZ To : > Dr.Crypter - Dr.BoB-Hacker - Love511 & All ...  ##
## ~ Contact   : > q-_[at]Hotmail[dot]com - www[dot]aFiR[dot]me    ##
##                        I Love You ****                          ##
#####################################################################
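The xml.php handler quoted in the box above, rewritten in a hardened form as an added example (this is not Interspire's code): the parser exception is caught, libxml warnings are kept internal, and PHP error display is off, so no file path reaches the response. The function names are assumptions.

```php
<?php
// Added example, not Interspire's code: a hardened form of the xml.php pattern
// quoted above. The original hands raw request data to SimpleXMLElement inside
// class.api.php; malformed input throws an uncaught exception and, with
// display_errors on, PHP echoes the message together with the absolute file path.
// Function names here are hypothetical.
declare(strict_types=1);

ini_set('display_errors', '0'); // never echo PHP errors to the client...
ini_set('log_errors', '1');     // ...log them server-side instead

function readXmlRequest(): string
{
    return isset($_REQUEST['xml'])
        ? (string) $_REQUEST['xml']
        : (string) file_get_contents('php://input');
}

// Parse untrusted XML without leaking parser details; null on any failure.
function parseRequestXml(string $raw): ?SimpleXMLElement
{
    if (trim($raw) === '') {
        return null;
    }
    $previous = libxml_use_internal_errors(true); // keep libxml warnings internal
    try {
        // LIBXML_NONET stops the parser fetching external resources.
        return new SimpleXMLElement($raw, LIBXML_NONET);
    } catch (Exception $e) {
        error_log('xml.php: malformed request: ' . $e->getMessage());
        return null;
    } finally {
        libxml_clear_errors();
        libxml_use_internal_errors($previous);
    }
}

if (PHP_SAPI === 'cli') {
    // Self-check with constructed inputs: php xml_hardened.php
    $good = '<request><action>ping</action></request>';
    $bad  = '*'; // the kind of non-XML value the advisory describes
    $ok = parseRequestXml($good) instanceof SimpleXMLElement && parseRequestXml($bad) === null;
    echo $ok ? "malformed input rejected, no path disclosed\n" : "check failed\n";
} elseif (parseRequestXml(readXmlRequest()) === null) {
    http_response_code(400);
    exit('Invalid XML request'); // generic message; no file path, no parser detail
}
// Otherwise continue into the application's API class as xml.php does.
```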

© aFiR.Me - 0nly F0r Security 2009 | By Mr.aFiR