Webspert 2.2rc2a osCommerce Multi vulnerability

2017.12.24
indoushka (DZ)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

========================================================================
| # Title     : Webspert 2.2rc2a osCommerce Multi vulnerability
| # Author    : indoushka
| # email     : indoushka4ever@gmail.com
| # Tested on : windows 8.1 Français V.(Pro)
| # Version   : 2.2rc2a
| # Vendor    : http://www.webspert.com.my/
| # Dork      : "Powered by Webspert"
========================================================================

poc :

Webspert is based on osCommerce version 2.2rc2a (2007), and osCommerce version 2.2rc2a suffers from a cross-site request forgery vulnerability.

Reference: https://packetstormsecurity.com/files/92311/osCommerce-2.2rc2a-Cross-Site-Request-Forgery.html

So:

1 - CSRF : http://www.kamazingart.com/private/backup.php/login.php

2 - Backdoor account : http://www.kamazingart.com/private/

    user : admin
    Pass : conny123@

SQL injection : http://www.sarayazahret.com/page.php?pageid=33

Greetz :
===============================================================
| jericho * Larry W. Cashdollar * moncet-1 * Gjoko Krstic     |
===============================================================
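For defenders reviewing a shop built on this code base, an added example (not part of the original advisory): it scans web access-log lines for two request shapes related to the advisory, a PHP script followed by trailing /login.php path info as in the first PoC URL, and POSTs to the admin directory whose Referer is missing or from another host. The combined log format, the host shop.example.com and the sample log lines are assumptions constructed for illustration; /private/ is the admin directory shown in the PoC URL.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed input: Apache/Nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"')
# A .php script followed by extra path info that ends in login.php,
# the shape of the first PoC URL (backup.php/login.php).
PATHINFO_RE = re.compile(r'\.php/(?:.*/)?login\.php$', re.IGNORECASE)

def classify(line, site_host, admin_prefix):
    """Return the list of findings for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return []
    path = unquote(urlsplit(m['target']).path)
    if not path.startswith(admin_prefix):
        return []
    findings = []
    if PATHINFO_RE.search(path):
        findings.append('pathinfo-login')
    # A forged cross-site POST carries a foreign Referer, or none at all.
    if m['method'] == 'POST' and urlsplit(m['referer']).hostname != site_host:
        findings.append('post-foreign-or-missing-referer')
    return findings

def scan(lines, site_host, admin_prefix):
    """Return (client_ip, findings) for every line with at least one finding."""
    hits = []
    for line in lines:
        found = classify(line, site_host, admin_prefix)
        if found:
            hits.append((line.split(' ', 1)[0], found))
    return hits

# Constructed sample lines (documentation IPs and example hosts only).
SAMPLE = [
    '203.0.113.7 - - [24/Dec/2017:10:00:01 +0000] "GET /private/backup.php/login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [24/Dec/2017:10:02:11 +0000] "POST /private/categories.php?action=update HTTP/1.1" 302 0 "http://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.4 - - [24/Dec/2017:10:03:40 +0000] "POST /private/login.php?action=process HTTP/1.1" 302 0 "http://shop.example.com/private/login.php" "Mozilla/5.0"',
    '192.0.2.9 - - [24/Dec/2017:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for ip, found in scan(SAMPLE, 'shop.example.com', '/private/'):
        print(ip, ', '.join(found))
```

The Referer check is a heuristic: privacy tools also strip the header, so treat those hits as leads to correlate with admin session activity rather than as confirmed forgeries.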


Copyright 2019, cxsecurity.com