Remote Arbitrary File Upload

vendor:

e-cart Shopping Carts

by:

ahmadbady

9,3

CVSS

HIGH

Remote Arbitrary File Upload

N/A

CWE

Product Name: e-cart Shopping Carts

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Remote Arbitrary File Upload

e-cart Shopping Carts is prone to a remote arbitrary file-upload vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and execute it in the context of the webserver process.

Mitigation:

No known mitigation

Source

Exploit-DB raw data:

                =-=-Remote Arbitrary File Upload-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script::e-cart Shopping Carts
-------------------------------------------------
Author: ahmadbady

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://www.e-cart.biz/e-cart_Free.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
upload:
/path/admin/editor/image.php --> upload shell.php

shell.php ---> /path/images/upload/shell.php

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=--=-=-=-=-=-=-

dork:
"Powered by e-cart.biz Shopping Carts & Storefronts"
"Powered by e-cart.biz Shopping Carts"

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=

# milw0rm.com [2009-04-17]