Full Disclosure mailing list archives
Re: CSC-Cart RCE - CVE-2017-15673
From: "oric one" <oric-1 () gmx com>
Date: Tue, 28 Nov 2017 12:35:48 +0100
1. Yes, it should have been cs-cart. This was a sloppy and stupid mistake. 2. I believe I do and I believe my intended mail gave full disclosure. It appears though that the mail body may not have been sent. The contents taken from my sent messages says: **** Summary CS Cart is a PHP based shopping cart software, which is hosted either locally or by the company cs-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server. This has been allocated CVE-2017-15673 **** Vendor of Product cs-cart.com **** Affected Product Code Base CS-Cart - 4.6.2 and Some Previous **** Attack Vectors A custom page can be created as part of the files function in the administration section. It is possible to give this page a .php filetype and fill it with valid PHP code. This can then be saved in a location which allows the pages to be executed as PHP, therefore gaining access to the whole server. Unless you suggest otherwise I will correct the header, remove the asterisks and ensure it is sent as text only. Thanks
Sent: Saturday, November 25, 2017 at 4:13 AM From: jericho <jericho () attrition org> To: "oric one" <oric-1 () gmx com> Cc: "Full Disclosure" <fulldisclosure () seclists org> Subject: re: CSC-Cart RCE - CVE-2017-15673 1. Do you mean CS-Cart? 2. Do you understand what 'full disclosure' means? - jericho
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CSC-Cart RCE - CVE-2017-15673 oric one (Nov 24)
- <Possible follow-ups>
- Re: CSC-Cart RCE - CVE-2017-15673 jericho (Nov 28)
- Re: CSC-Cart RCE - CVE-2017-15673 oric one (Nov 28)