#Exploit Title : osCommerce Authentication Bypass (misconfigured htaccess)
#Google Dork : "Powered by osCommerce" or you can try own dorks
#Exploit Author: D35m0nd142
#Vendor Homepage: http://www.oscommerce.com/
#Tested on: Linux Ubuntu 12.04 with Firefox 17.0
#Version: This exploit works on old versions of osCommerce
#Google Dork : "Powered by osCommerce" or you can try own dorks
#Exploit Author: D35m0nd142
#Vendor Homepage: http://www.oscommerce.com/
#Tested on: Linux Ubuntu 12.04 with Firefox 17.0
#Version: This exploit works on old versions of osCommerce
------------------------
| 5 Steps : |
------------------------
----------------------------------------------------------------------------------------------------------------------------------------
1) Download and install Live HTTP Headers on your Firefox Browser
2) Run Live HTTP Headers and check "capture"
3) Open vulnerable website and go to the admin path .. ex : http://www.site.com/catalog/admin/....
4) Return to Live HTTP Headers and look for http://www.site.com/path/admin/ .. click it and run "Replay"
5) Change GET Request to LOL, then click "Replay" .. If the authentication request appears click "cancel" and you are in admin panel..
-----------------------------------------------------------------------------------------------------------------------------------------
Demo website:
-----------------------------------------------------------------------------------------------------------------------------------------
https://www.jpws.com.au/catalog/admin/