97ece9d27b
11 changes to exploits/shellcodes Employee Management System 1.0 - Cross Site Scripting (Stored) Employee Management System 1.0 - Authentication Bypass Alumni Management System 1.0 - Authentication Bypass Company Visitor Management System (CVMS) 1.0 - Authentication Bypass Restaurant Reservation System 1.0 - 'date' SQL Injection (Authenticated) aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated) Seat Reservation System 1.0 - Remote Code Execution (Unauthenticated) Hotel Management System 1.0 - Remote Code Execution (Authenticated) Seat Reservation System 1.0 - Unauthenticated SQL Injection CS-Cart 1.3.3 - 'classes_dir' LFI CS-Cart 1.3.3 - authenticated RCE
15 lines
No EOL
458 B
Text
15 lines
No EOL
458 B
Text
# Exploit Title: CS-Cart authenticated RCE
|
|
# Date: 2020-09-22
|
|
# Exploit Author: 0xmmnbassel
|
|
# Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html
|
|
# Tested at: ver. 1.3.3
|
|
# Vulnerability Type: authenticated RCE
|
|
|
|
|
|
|
|
get PHP shells from
|
|
http://pentestmonkey.net/tools/web-shells/php-reverse-shell
|
|
edit IP && PORT
|
|
Upload to file manager
|
|
change the extension from .php to .phtml
|
|
visit http://[victim]/skins/shell.phtml --> Profit. ...! |