WHOISCART Scripting Vulnerability

vendor:

WHOISCART Web Application

by:

HAQIQ20

9.3

CVSS

HIGH

Scripting Vulnerability

CWE

Product Name: WHOISCART Web Application

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

WHOISCART Scripting Vulnerability

A vulnerability exists in the WHOISCART web application, which allows an attacker to execute arbitrary code on the server. The vulnerability is triggered when an attacker sends a specially crafted request to the server, which contains malicious code. The code is then executed on the server, allowing the attacker to gain access to sensitive information or execute arbitrary code.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.

Source

Exploit-DB raw data:

############################################################################

# #

### WHOISCART Scripting Vulnerability ###

# #

#############################################################################

# email : v7a@hotmail.fr<mailto:v7a@hotmail.fr> & r0ot@live.ru<mailto:r0ot@live.ru> #

# Author : HAQIQ20 #

# group : Avengers Team #

# HOME : http://whoiscart.net #

# #

# Dork : "inurl:whoiscart/admin/hostinginterfaces/" #

# #

#############################################################################

# #

# Exploit : #

# #

# http://server/whoiscart/admin/hostinginterfaces/cpanel_1_log.htm #

#

# Greetz.: Cyb3r IntRue + inject

#############################################################################