opened the installation wizard "install.php" and successfully configured it, and I was planning to play around with it.
When I was trying to configure the settings, it turned out we need to enter the auth code to change settings...
Suddenly the hacker inside me got up and told me: wait, don't enter the code, let's find some other way...
So I kept the auth code field blank and pressed the next button.
On the next page I got an error message that the auth code was not valid, with some information about the server and two buttons, "back" and "next"; the "next" button was also disabled. So I thought of injecting some xcodes into the auth code field... Oh wait, I forgot to check the HTML code for the page. So I took Firebug (a very useful and great plugin for Firefox) and started to explore it. Now I changed some HTML tags of the page to bypass the disabled next button. I thought it would give a big error. Anyway, I had to try that.
So I edited the HTML and got the "next" button enabled, and to my great surprise I got the next page with the MySQL username, password, and host of the victim...
This exploit could be used to steal information from the database very easily.
Solution: Remove "install.php" as soon as you have configured it correctly. Better is to move it to some other location or rename it.
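An added example, not from the original post or from CS-Cart's code: a minimal PHP model of the flaw described above, where the server advances the wizard on any POST and relies on the browser keeping "next" disabled, next to a handler that re-checks the auth code on the server. The function names, step numbers, session key and placeholder auth code are assumptions made for illustration.

```php
<?php
// Added illustration; not CS-Cart's installer code. All names are hypothetical.
declare(strict_types=1);

const STEP_AUTH = 1;      // page that asks for the auth code
const STEP_DB_CONFIG = 2; // page that shows the MySQL host, user and password

// Vulnerable pattern: the server trusts the browser to keep "next" disabled.
function next_step_vulnerable(array $post): int
{
    // Any POST that arrives advances, whether or not the code was valid.
    return (int)($post['step'] ?? STEP_AUTH) + 1;
}

// Hardened pattern: the server validates the auth code itself and records the
// result in server-side state; later steps are refused unless that flag is set.
function next_step_hardened(array $post, array &$session, string $expectedCode): int
{
    $requested = (int)($post['step'] ?? STEP_AUTH) + 1;
    if (!($session['auth_ok'] ?? false)) {
        $given = (string)($post['auth_code'] ?? '');
        // Constant-time comparison; a blank code never passes.
        if ($given === '' || !hash_equals($expectedCode, $given)) {
            return STEP_AUTH; // stay on the auth page, reveal nothing further
        }
        $session['auth_ok'] = true;
    }
    return min($requested, STEP_DB_CONFIG);
}

// Constructed sample input: blank auth code, form submitted anyway.
$forged   = ['step' => '1', 'auth_code' => ''];
$expected = 'PLACEHOLDER-AUTH-CODE'; // constructed value, not a real code
$session  = [];

printf("vulnerable, blank code -> step %d\n", next_step_vulnerable($forged));
printf("hardened, blank code   -> step %d\n", next_step_hardened($forged, $session, $expected));

$valid = ['step' => '1', 'auth_code' => $expected];
printf("hardened, valid code   -> step %d\n", next_step_hardened($valid, $session, $expected));
```

The `disabled` attribute on a button is only a hint to the browser, so the check that matters is the one the server repeats before rendering each later step.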
We can find many sites with this vulnerability; to our help here comes Google search.
Give this search keyword to find such sites:
inurl:"install.php" intext:"CS-Cart"
Note: please don't misuse what you get from these. If you find such a site, please do mail the respective webmasters.
