CS-Cart 1.3.3 Remote Code Execution ≈ Packet Storm

Roger Wilco Exploits 16 octobre 2020 Affichages : 429

# Exploit Title: CS-Cart authenticated RCE
# Date: 2020-09-22
# Exploit Author:  0xmmnbassel
# Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html
# Tested at: ver. 1.3.3
# Vulnerability Type: authenticated RCE
get PHP shells from
http://pentestmonkey.net/tools/web-shells/php-reverse-shell
edit IP && PORT
Upload to file manager
change the extension from .php to .phtml
visit http://[victim]/skins/shell.phtml --> Profit. ...!

Pensée du jour :

Ce que l'homme a fait ,

l'homme peut le défaire.

"No secure path in the world"

WHAT ARE YOU LOOKING FOR?

Popular Tags

CS-Cart 1.3.3 Remote Code Execution ≈ Packet Storm

Follow us on

Most popular

Tiki Wiki CMS Groupware 21.1 Authentication Bypass ≈ Packet Storm

Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection ≈ Packet Storm

Phone Shop Sales Managements System 1.0 Shell Upload ≈ Packet Storm

Monitorr 1.7.6m Authorization Bypass ≈ Packet Storm

OpenSMTPD Out-Of-Bounds Read / Local Privilege Escalation ≈ Packet Storm

Tomato: 1 Vulnhub Walkthrough

Category

Popular Sections

About