______ _ _ _ | ___ \ | | | | (_) | |_/ /_____ _____ | |_ _| |_ _ ___ _ __ | // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \ | |\ \ __/\ V / (_) | | |_| | |_| | (_) | | | | \_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| _____ _____ _____ |_ _| | _ || _ | | | ___ __ _ _ __ ___ | |/' || |_| | | |/ _ \/ _` | '_ ` _ \ | /| |\____ | | | __/ (_| | | | | | | \ |_/ /.___/ / \_/\___|\__,_|_| |_| |_| \___/ \____/ DEFACEMENT it's for script kiddies... _____________________________________________________________ [$] Exploit Title : Oscommerce Online Merchant v2.2 - Remote File Upload [$] Date : 30-05-2010 [$] Author : MasterGipy [$] Email : mastergipy [at] gmail.com [$] Bug : Remote File Upload [$] Vendor : http://www.oscommerce.com [$] Google Dork : n/a [%] vulnerable file: /admin/file_manager.php [REMOTE FILE UPLOAD VULNERABILITY] [$] Exploit: Oscommerce Online Merchant v2.2 - Remote File Upload

UPLOAD FILE:


CREATE FILE:
FILE NAME:
  (ex. shell.php)
FILE CONTENTS:
[=] Thanks to Flyff666 for the original exploit: - Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass [§] Greetings from PORTUGAL ^^