osCommerce – Authentication Bypass

Exploit Database
6 阅读

作者： Nicolas Krassas

日期： 2011-02-04
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/16113/

This is a bug on old oscommerce / creloaded i just didn't find it in the
exploit-db database on the search.

# Exploit Title: OsCommerce/Creloaded tell a friend authentication bypass
# Date: 04/02/2010
# Author: Nicolas Krassas
# Version: $Id: tell_a_friend.php,v 1.1.1.1 2008/06/29 23:38:03
# Tested on: linux

When /tell_a_friend.php is called directly the user is redirected at
/product_info.php?products_id=0 where an access denied message is displayed.
Providing a valid product id (eg.
/tell_a_friend.php?action=process&products_id=[Product_id] ) though a guest
user can bypass the restriction and send unsolicited mails through the
system.

Regards,
Nicolas Krassas

last Exploits
osCommerce – Authentication Bypass的更多信息

Stackposts Social Marketing Tool v1.0 – SQL Injection：
phptpoint Pharmacy Management System 1.0 – ‘username’ SQL Injection：
FreePBX 2.5.1 – SQL Injection：
PTC Site’s – Remote Code Execution / Cross-Site Scripting：
pecio CMS 2.0.5 – Multiple Remote File Inclusions：
Zen Cart 1.3.9h – Local File Inclusion：
Anchor CMS 0.6-14-ga85d0a0 – ‘id’ Multiple HTML Injection Vulnerabilities：
Instagram Auto Follow – Authentication Bypass：