CVE-2006-6390

Open Solution Quick.Cart 2.0 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6390. PoCs published by r0ut3r.

AI-analyzed exploit summary This exploit targets a Local File Inclusion (LFI) vulnerability in QuickCart 2.0 by injecting PHP shellcode into HTTP log files. It leverages the vulnerability to achieve remote command execution (RCE) by manipulating the `config[db_type]` parameter.

Description

Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts.

Exploits (1)

exploitdb WORKING POC VERIFIED

by r0ut3r · perlwebappsphp

https://www.exploit-db.com/exploits/2889

View Code ZIP pw:eip

This exploit targets a Local File Inclusion (LFI) vulnerability in QuickCart 2.0 by injecting PHP shellcode into HTTP log files. It leverages the vulnerability to achieve remote command execution (RCE) by manipulating the `config[db_type]` parameter.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: QuickCart 2.0

No auth needed

Prerequisites: register_globals must be on · gpc_magic_quotes must be off · access to vulnerable endpoint

MITRE ATT&CK