To access the dashboard, Schedule scans, API and Search become a patron

Search for hundreds of thousands of exploits

"CS-Cart 1.3.3 - authenticated RCE"

Author

Exploit author

0xmmnbassel

Platform

Exploit platform

php

Release date

Exploit published date

2020-10-16

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
# Exploit Title: CS-Cart authenticated RCE
# Date: 2020-09-22
# Exploit Author:  0xmmnbassel
# Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html
# Tested at: ver. 1.3.3
# Vulnerability Type: authenticated RCE



get PHP shells from
http://pentestmonkey.net/tools/web-shells/php-reverse-shell
edit IP && PORT
Upload to file manager
change the extension from .php to .phtml
visit http://[victim]/skins/shell.phtml --> Profit. ...!
Release Date Title Type Platform Author
2020-11-20 "Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)" local windows ZwX
2020-11-20 "Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH)" local windows "Vincent Wolterman"
2020-11-20 "Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit" local windows stresser
2020-11-20 "WonderCMS 3.1.3 - 'content' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-11-20 "IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow" local windows "Paolo Stagno"
2020-11-19 "Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow (PoC)" dos windows "Vincent Wolterman"
2020-11-19 "M/Monit 3.7.4 - Privilege Escalation" webapps multiple "Dolev Farhi"
2020-11-19 "Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure" remote hardware "Nitesh Surana"
2020-11-19 "PESCMS TEAM 2.3.2 - Multiple Reflected XSS" webapps multiple icekam
2020-11-19 "M/Monit 3.7.4 - Password Disclosure" webapps multiple "Dolev Farhi"
Release Date Title Type Platform Author
2020-10-16 "CS-Cart 1.3.3 - authenticated RCE" webapps php 0xmmnbassel
2020-10-16 "CS-Cart 1.3.3 - 'classes_dir' LFI" webapps php 0xmmnbassel
2020-07-29 "Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion" webapps hardware 0xmmnbassel
2020-07-28 "Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion" webapps hardware 0xmmnbassel
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48891/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.