Can not exploit.

[Plux]

I am trying to re-create a exploitation of a osCommerce version but need to know if version 2.2-MS2 was vulnerable to this exploit http://www.metasploit.com/modules/exploit/unix/webapp/oscommerce_filemanager ?

 

Trying to attack it from within my VM Ware image seems to be causing some issues so thought I just check to be sure as the version for the exploit is stated 2.2 however I could not find a download for that exact version of osCommerce.

[Taipo]

osCommerce is a popular open source E-Commerce application. The admin console contains a file management utility that allows administrators to upload, download, and edit files. This could be abused to allow unauthenticated attackers to execute arbitrary code with the permissions of the webserver.

 

Probably a bad explanation of the security hole. The problem was never with the file manager, but with the $PHP_SELF code which has now been fixed in 2.3.1

 

Attackers are appending login.php to the end of admin files to give admin login credentials like yoursite.com/admin/categories.php/login.php

 

The assumption that because this could also be used to give attackers access to the file manager, lead some to believe it was the file manager that was the problem when in fact it is the $PHP_SELF code in both application_top.php files that needed patching.

 

Any unpatched version of 2.2.x is vulnerable.