[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FD] CSC-Cart RCE - CVE-2017-15673
- To: jericho <jericho@xxxxxxxxxxxxx>
- Subject: Re: [FD] CSC-Cart RCE - CVE-2017-15673
- From: "oric one" <oric-1@xxxxxxx>
- Date: Tue, 28 Nov 2017 12:35:48 +0100
1. Yes, it should have been cs-cart. This was a sloppy and stupid mistake.
2. I believe I do and I believe my intended mail gave full disclosure. It
appears though that the mail body may not have been sent. The contents taken
from my sent messages says:
**** Summary
CS Cart is a PHP based shopping cart software, which is hosted either locally
or by the company cs-cart company. It has a vulnerability in the administration
section, which allows full remote code execution on the server.
This has been allocated CVE-2017-15673
**** Vendor of Product
cs-cart.com
**** Affected Product Code Base
CS-Cart - 4.6.2 and Some Previous
**** Attack Vectors
A custom page can be created as part of the files function in the
administration section. It is possible to give this page a .php
filetype and fill it with valid PHP code. This can then be saved in a
location which allows the pages to be executed as PHP, therefore
gaining access to the whole server.
Unless you suggest otherwise I will correct the header, remove the asterisks
and ensure it is sent as text only.
Thanks
> Sent: Saturday, November 25, 2017 at 4:13 AM
> From: jericho <jericho@xxxxxxxxxxxxx>
> To: "oric one" <oric-1@xxxxxxx>
> Cc: "Full Disclosure" <fulldisclosure@xxxxxxxxxxxx>
> Subject: re: CSC-Cart RCE - CVE-2017-15673
>
> 1. Do you mean CS-Cart? 2. Do you understand what 'full disclosure' means? -
> jericho
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/