Vendor: CS-Cart
By: 0xmmnbassel
CVSS: 7.5 (HIGH)
Type: authenticated RCE
CWE: 78
Product Name: CS-Cart
Affected Version From: 1.3.3
Affected Version To: 1.3.3
Patch Exists: Yes
Related CWE: N/A
CPE: a:cs-cart:cs-cart
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
Year: 2020

CS-Cart authenticated RCE

This exploit allows an authenticated attacker to gain remote code execution on a vulnerable CS-Cart installation. The attacker must first upload a PHP reverse shell to the file manager, changing the extension from .php to .phtml. Visiting the uploaded shell.phtml file then gives the attacker remote code execution.

Mitigation:

Ensure that all CS-Cart installations are up to date and that all users have strong passwords.
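
To check an installation for the condition described above, the following added example (not part of the original entry and not CS-Cart code) audits a skins directory for files a web server could run as PHP, either by extension or by content. The extension list, the function names and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

# Assumption: extensions that Apache/PHP setups commonly hand to the PHP interpreter.
PHP_EXTS = {".php", ".phtml", ".pht", ".phar", ".php3", ".php4", ".php5", ".php7", ".phps"}
PHP_TAGS = (b"<?php", b"<?=")


def audit_tree(root, head_bytes=4096):
    """Return sorted (relative_path, reason) pairs for files that could run as PHP."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Check every suffix: mod_mime-style handlers can match "x.phtml.txt" too.
            suffixes = {"." + part.lower() for part in name.split(".")[1:]}
            hit = suffixes & PHP_EXTS
            if hit:
                findings.append((rel, "extension " + sorted(hit)[0]))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes)
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if any(tag in head for tag in PHP_TAGS):
                findings.append((rel, "PHP open tag in content"))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree standing in for a store's skins directory."""
    os.makedirs(os.path.join(root, "basic", "images"))
    samples = {
        "basic/styles.css": b"body { margin: 0; }",
        "basic/index.tpl": b"<html>{$content}</html>",
        "shell.phtml": b"<?php /* placeholder */ ?>",
        "basic/images/logo.png": b"\x89PNG<?php /* placeholder */ ?>",
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*audit_tree(tmp), sep="\n")
```

Any finding in a directory meant to hold only templates, styles and images should be reviewed. Configuring the web server so that it does not execute PHP in user-writable directories removes the condition regardless of file extension.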

Exploit-DB raw data:

# Exploit Title: CS-Cart authenticated RCE
# Date: 2020-09-22
# Exploit Author:  0xmmnbassel
# Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html
# Tested at: ver. 1.3.3
# Vulnerability Type: authenticated RCE



get PHP shells from
http://pentestmonkey.net/tools/web-shells/php-reverse-shell
edit IP && PORT
Upload to file manager
change the extension from .php to .phtml
visit http://[victim]/skins/shell.phtml --> Profit. ...!