MyCart shopping cart Upload Shell Vulnerability

vendor:

shopping cart

by:

indoushka

7.5

CVSS

HIGH

Upload Shell

434

CWE

Product Name: shopping cart

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)

2009

MyCart shopping cart Upload Shell Vulnerability

A vulnerability in MyCart shopping cart allows an attacker to upload a malicious shell to the web server. The attacker can then use the shell to gain access to the web server and execute arbitrary commands.

Mitigation:

Ensure that the web server is configured to only allow the upload of files with specific extensions and that the web server is configured to deny access to any uploaded files.

Source

Exploit-DB raw data:

========================================================================================             $
| # Title    : MyCart shopping cart Upload Shell Vulnerability                         |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # EDB-ID   :                                                                         |
| # CVE-ID   : ()                                                                      |
| # OSVDB-ID : ()                                                                      |
| # DAte     :16/12/2009                                                               |
| # Verified :                                                                         |
| # Web Site : www.iq-ty.com                                                           |
| # Published:                                                                         |
| # Script   : Powered by MyCart shopping cart                                         |
| # Tested on: windows SP2 Fran&#65533;ais V.(Pnx2 2.0) + Lunix Fran&#65533;ais v.(9.4 Ubuntu)       |
| # Bug      : Upload Shell                                                            |
======================      Exploit By indoushka       =================================
| # Exploit  :
|
| 1-http://localhost/Cart/admin/upload.php
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------