Quick Cart 6.7 Shell Upload

Quick Cart version 6.7 suffers from a remote shell upload vulnerability provided you have administrative privileges.

Packet Storm
#vulnerability#web#linux#php#rce#auth
# Title : Authenticated Remote Code Execution & Shell Upload
# Product : Quick Cart
# Vendor : https://opensolution.org/
# Affected Version : 6.7
# Researcher : Eagle Eye
# Tested on : Windows & Linux
# Date : 11/06/2024
# Affected path : admin.php, core/common-admin.php, database/config.php
# Affected function : saveVariables()
# Report : Vendor already contacted, but no response
# Description : Unfiltered parameters POSTed to admin.php?p=tools-config can override any $config key. This allows unwanted file inclusion and overriding of the allowed file extensions, which leads to remote code execution.
# Steps to reproduce (Method 1)
- login at admin.php
- click Products and New Product from top navbar
- On the right panel, choose add file
- Upload malicious script with extension txt or any allowed extension like jpg
- click setting on right above
- click save and intercept the request
- on body parameter, add &default_pages_template=../../files/yourmaliciousfile.txt and proceed
# Steps to reproduce (Method 2)
- login at admin.php
- click setting on right above
- click save and intercept the request
- on body parameter, add &allowed_extensions=php and proceed
- click Products and New Product from top navbar
- On the right panel, choose add file
- And you can upload malicious script with extension php
- You may find on path eg: http://website.com/files/shell.php
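The root cause described above is mass assignment: every POST field is copied into $config, so a request can set keys the settings form never exposes (allowed_extensions, default_pages_template). The following is an added example, not Quick Cart's code; the function names saveVariablesUnsafe/saveVariablesSafe, the SAFE_EXTENSIONS list and the templates directory are assumptions. It shows the vulnerable pattern next to a hardened handler that accepts only a fixed set of keys and validates the two keys the advisory names.

```php
<?php
// Added illustration (not Quick Cart's own code). Names and the $config
// layout are assumptions; the pattern is the one the advisory describes.

// Vulnerable pattern: every POST field lands in $config, so an admin request
// can add or overwrite any key, including ones the settings form never shows.
function saveVariablesUnsafe(array $post, array $config): array
{
    foreach ($post as $key => $value) {
        $config[$key] = $value; // mass assignment, no key whitelist
    }
    return $config;
}

// Hardened version: a fixed map of accepted keys, each with its own validator.
// Unknown keys are ignored and logged, so they cannot be injected.
const SAFE_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt', 'zip']; // assumed list
const TEMPLATES_DIR   = __DIR__ . '/templates';                               // assumed location

function validateAllowedExtensions(string $raw): string
{
    // Only extensions from the server-side list survive; "php", "phtml" etc.
    // can never be enabled through this setting.
    $out = [];
    foreach (explode(',', strtolower($raw)) as $ext) {
        $ext = trim($ext);
        if ($ext !== '' && in_array($ext, SAFE_EXTENSIONS, true)) {
            $out[] = $ext;
        }
    }
    if ($out === []) {
        throw new InvalidArgumentException('no acceptable extensions given');
    }
    return implode(',', array_unique($out));
}

function validateTemplate(string $name): string
{
    // A bare template name only: no slashes, no dots, so no "../../files/x.txt".
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $name)) {
        throw new InvalidArgumentException('invalid template name');
    }
    // Defence in depth: the resolved file must exist inside TEMPLATES_DIR.
    $base = realpath(TEMPLATES_DIR);
    $path = realpath(TEMPLATES_DIR . '/' . $name . '.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new InvalidArgumentException('template not found');
    }
    return $name;
}

function saveVariablesSafe(array $post, array $config): array
{
    $validators = [
        'allowed_extensions'     => 'validateAllowedExtensions',
        'default_pages_template' => 'validateTemplate',
        'shop_name'              => fn(string $v): string => substr(trim($v), 0, 100),
    ];
    foreach ($post as $key => $value) {
        if (!isset($validators[$key])) {
            // Unknown key in a settings POST: drop it and record it, since a
            // key the form never sends is exactly what the advisory's method relies on.
            error_log("tools-config: ignored unexpected key '{$key}'");
            continue;
        }
        $config[$key] = $validators[$key]((string) $value);
    }
    return $config;
}
```

The upload handler should read its extension list from the same server-side constant, never from a value the admin form can change; that way even a compromised admin session cannot turn a file upload into code execution. The error_log line doubles as a detection hook: settings POSTs carrying keys outside the expected set are worth alerting on.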
