CS-Cart 1.3.3 Remote Code Execution

CS-Cart 1.3.3 Remote Code Execution: Posted Oct 16, 2020; Authored by 0xmmnbassel; Details for achieving remote code execution on CS-Cart version 1.3.3, a really old version.; tags | exploit, remote, code execution; SHA-256 | 4f690f72e60232a009b2067ca291afec05fa7b7866b7cdeba59bfcaa0b0084bc; Download | Favorite | View

CS-Cart 1.3.3 Remote Code Execution

# Exploit Title: CS-Cart authenticated RCE
# Date: 2020-09-22
# Exploit Author:  0xmmnbassel
# Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html
# Tested at: ver. 1.3.3
# Vulnerability Type: authenticated RCE



get PHP shells from
https://pentestmonkey.net/tools/web-shells/php-reverse-shell
edit IP && PORT
Upload to file manager
change the extension from .php to .phtml
visit https://[victim]/skins/shell.phtml --> Profit. ...!

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 50 files
Debian 19 files
LiquidWorm 15 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CS-Cart 1.3.3 Remote Code Execution

CS-Cart 1.3.3 Remote Code Execution

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

CS-Cart 1.3.3 Remote Code Execution

Share This

CS-Cart 1.3.3 Remote Code Execution

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems