ECHO.OR.ID
ECHO_ADV_44$2006

------------------------------------------------------------------------------
[ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion
------------------------------------------------------------------------------

Author         : Ahmad Maulana a.k.a Matdhule
Date Found     : August, 07th 2006
Location       : Indonesia, Jakarta
web            : http://advisories.echo.or.id/adv/adv44-matdhule-2006.txt
Critical Lvl   : Highly critical
Impact         : System access
Where          : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
PHP Simple Shop

Application : PHP Simple Shop
version     : Latest version [2.0]
URL         : http://www.turnkeywebtools.com/phpsimpleshop

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~
In the admin folder we found a vulnerable script, index.php.

---------------------------index.php---------------------------------------
....