# Exploit Title: CS-Cart authenticated RCE
# Date: 2020-09-22
# Exploit Author: 0xmmnbassel
# Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html
# Tested at: ver. 1.3.3
# Vulnerability Type: authenticated RCE

get PHP shells from
https://pentestmonkey.net/tools/web-shells/php-reverse-shell
edit IP && PORT
Upload to file manager
change the extension from .php to .phtml
visit http://[victim]/skins/shell.phtml --> Profit. ...!
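
For auditing an installation against the upload path described above, this added example (not part of the original advisory and not CS-Cart code) walks a static-asset directory such as skins/ and reports files that carry a PHP-handled extension or a PHP open tag. The extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions commonly mapped to the PHP handler (assumed list; align it
# with the handler mapping of the web server actually in use).
PHP_EXTENSIONS = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".pht", ".phar"}
PHP_OPEN_TAGS = (b"<?php", b"<?=")


def audit_static_dir(root):
    """Return sorted (relative_path, reason) pairs for files that do not belong in a static directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            # Check every dot-separated suffix so "x.phtml.jpg" is flagged too.
            suffixes = {"." + part.lower() for part in name.split(".")[1:]}
            hit = suffixes & PHP_EXTENSIONS
            if hit:
                findings.append((rel, "php-extension:" + sorted(hit)[0]))
                continue
            # Only the first 4 KiB is inspected for an open tag.
            with open(full, "rb") as fh:
                head = fh.read(4096)
            if any(tag in head for tag in PHP_OPEN_TAGS):
                findings.append((rel, "php-open-tag"))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample: skins/ with one legitimate file and two that should be flagged."""
    skins = os.path.join(base, "skins")
    os.makedirs(skins)
    samples = {
        "style.css": b"body { margin: 0; }\n",
        "shell.phtml": b"<?php /* constructed placeholder */ ?>\n",
        "logo.png": b"\x89PNG\r\n<?php /* constructed placeholder */ ?>\n",
    }
    for name, data in samples.items():
        with open(os.path.join(skins, name), "wb") as fh:
            fh.write(data)
    return skins


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, reason in audit_static_dir(build_sample_tree(tmp)):
            print(path, reason)
```

A finding under skins/ warrants checking who uploaded the file and when; independently of the scan, the web server should not hand files in that directory to the PHP interpreter at all.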