Vendor: Shopsysteme
By: mNt
CVSS: 8.8 (HIGH)
Type: File Upload Bug
CWE: 434
Product Name: Shopsysteme
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Shopsysteme (new version oscommerce)

A vulnerability in Shopsysteme (new version oscommerce) allows an attacker to upload a malicious file, such as a PHP shell, to the web server. This is done by accessing the /admin/editor/images.php page and uploading the malicious file. The malicious file is then accessible at http://www.example.com/images/upload/mNt.php. This vulnerability affects versions of Shopsysteme prior to the 2008-12-17 patch.

Mitigation:

Upgrade to the latest version of Shopsysteme and apply the 2008-12-17 patch.
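
An added example (not part of the original advisory or the vendor's patch): a sweep of an upload directory such as images/upload for the file shapes this entry describes, a .php name or a GIF89a header followed by PHP. The allow-list, function names and sample bytes are assumptions constructed for illustration.

```python
import os
import re

ALLOWED_MAGIC = {  # image types an upload directory should hold (assumed policy)
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
# Name segments commonly mapped to the PHP handler.
PHP_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Long and echo open tags only; bare "<?" would false-positive on image bytes.
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)

def audit_upload(name, data):
    """Return the reasons a stored upload is suspicious (empty list = clean)."""
    findings = []
    lowered = name.lower()
    ext = os.path.splitext(lowered)[1]
    # Catches mNt.php and double extensions such as x.php.gif.
    if PHP_EXTS & set(lowered.split(".")[1:]):
        findings.append("php-extension")
    if ext not in ALLOWED_MAGIC:
        findings.append("extension-not-allowed")
    elif not data.startswith(ALLOWED_MAGIC[ext]):
        findings.append("magic-mismatch")
    # A valid GIF header does not make the rest of the file an image.
    if PHP_TAG.search(data):
        findings.append("php-open-tag")
    return findings

def audit_tree(root):
    """Walk an upload directory and map each suspicious path to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for filename in files:
            path = os.path.join(dirpath, filename)
            with open(path, "rb") as handle:
                findings = audit_upload(filename, handle.read())
            if findings:
                report[path] = findings
    return report

# Constructed samples; the PHP body is a harmless echo.
SAMPLES = {
    "logo.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    "mNt.php": b"GIF89a;<?php echo 'test'; ?>",
    "banner.gif": b"GIF89a;<?php echo 'test'; ?>",
}
```

Run `audit_tree()` against the web root's upload directory after patching; any hit means the file should be quarantined and the web server access logs reviewed for requests to it.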

Exploit-DB raw data:

## Script Name: Shopsysteme (new version oscommerce)

## Download: http://www.shopsystem-forum.de/product_info.php?cPath=22&products_id=43 (299 euro)  :) 

## Author: mNt

## File Upload Bug

## Google Dork: intext:Powered by K&S Media Concept - Shopsysteme [Results 191 - 200 of about 32,900 for Powered by K&S Media Concept - Shopsysteme (0.51 seconds)]

## Use:

http://www.example.com/

Then add: /admin/editor/images.php ==> http://www.example.com/admin/editor/images.php

Upload the PHP shell file

Then in the URL: http://www.example.com/images/upload/mNt.php

Attention: Shell code in GIF89;a

## Live demo: http://www.trampleandfetish.de/admin/editor/image.php

## PHP Shell Address: http://www.trampleandfetish.de/images/upload/data.php

## Thanks: DelİDolU, HeDgEs, Scarface, Cih@t, Suskun Dünyam, Lodos2005, Sabotage

## web Site: www.rootingforced.org || www.rootingforced.com || www.rootingforced.net

# milw0rm.com [2008-12-17]