
osCommerce

The e-commerce.

Can not exploit.


Plux


I am trying to re-create an exploitation of an osCommerce version but need to know if version 2.2-MS2 was vulnerable to this exploit: http://www.metasploit.com/modules/exploit/unix/webapp/oscommerce_filemanager ?

Trying to attack it from within my VMware image seems to be causing some issues, so I thought I'd just check to be sure, as the version for the exploit is stated as 2.2; however, I could not find a download for that exact version of osCommerce.


osCommerce is a popular open source E-Commerce application. The admin console contains a file management utility that allows administrators to upload, download, and edit files. This could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of the webserver.

Probably a bad explanation of the security hole. The problem was never with the file manager, but with the $PHP_SELF code, which has now been fixed in 2.3.1.

Attackers are appending login.php to the end of admin files to give admin login credentials, like yoursite.com/admin/categories.php/login.php

The fact that this could also be used to give attackers access to the file manager led some to believe it was the file manager that was the problem, when in fact it is the $PHP_SELF code in both application_top.php files that needed patching.

Any unpatched version of 2.2.x is vulnerable.

- Stop Oscommerce hacks dead in their tracks with osC_Sec (see discussion here)
- Another discussion about infected files ::here::
- A discussion on file permissions ::here::
- Site hacked? Should you upgrade or not, some thoughts ::here::
- Fix the admin login bypass exploit here
- Pareto Security: New security addon I am developing, a remake of osC_Sec in PHP 5 with a number of fixes

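The request shape described in the reply above (login.php appended after another admin script) can be looked for in web server access logs. The following is an added log-review example, not code from the thread or from osCommerce; it assumes Combined Log Format and an admin directory named `admin`, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')
ADMIN_DIR = "/admin/"  # assumption: default admin directory name

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2011:13:55:36 +0000] "GET /admin/login.php HTTP/1.1" 200 2326',
    '203.0.113.9 - - [10/Oct/2011:13:56:01 +0000] "GET /admin/categories.php/login.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Oct/2011:13:57:12 +0000] "GET /admin/categories.php?cPath=3 HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Oct/2011:13:58:40 +0000] "GET /shop/admin/orders.php%2Flogin.php?page=2 HTTP/1.1" 200 4410',
]


def appended_login(target):
    """Return the admin script name if target is <script>.php/.../login.php, else None."""
    # Decode twice so %2F and double-encoded slashes are normalised.
    path = unquote(unquote(urlsplit(target).path))
    path = re.sub(r"/+", "/", path).lower()
    start = path.find(ADMIN_DIR)
    if start < 0:
        return None
    segments = path[start + len(ADMIN_DIR):].split("/")
    # The first *.php segment is the script the server runs; anything after
    # it is extra path info that ends up in PHP_SELF.
    for seg in segments[:-1]:
        if seg.endswith(".php"):
            if segments[-1] == "login.php" and seg != "login.php":
                return seg
            return None
    return None


def scan(lines):
    """Return (client_ip, method, admin_script, status) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, method, target, status = m.groups()
        script = appended_login(target)
        if script:
            hits.append((ip, method, script, int(status)))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
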

Archived

This topic is now archived and is closed to further replies.
