Re: CSC-Cart RCE - CVE-2017-15673

["oric one" <oric-1 () gmx com>]

1. Yes, it should have been cs-cart. This was a sloppy and stupid mistake. 

2. I believe I do and I believe my intended mail gave full disclosure. It appears though that the mail body may not 
have been sent. The contents taken from my sent messages says: 


**** Summary 

CS Cart is a PHP based shopping cart software, which is hosted either locally or by the company cs-cart company. It has 
a vulnerability in the administration section, which allows full remote code execution on the server. 

This has been allocated CVE-2017-15673 

**** Vendor of Product 
cs-cart.com 



**** Affected Product Code Base 
CS-Cart - 4.6.2 and Some Previous 



**** Attack Vectors 

A custom page can be created as part of the files function in the 
administration section. It is possible to give this page a .php 
filetype and fill it with valid PHP code. This can then be saved in a 
location which allows the pages to be executed as PHP, therefore 
gaining access to the whole server. 


Unless you suggest otherwise I will correct the header, remove the asterisks and ensure it is sent as text only.

Thanks

> Sent: Saturday, November 25, 2017 at 4:13 AM
> From: jericho <jericho () attrition org>
> To: "oric one" <oric-1 () gmx com>
> Cc: "Full Disclosure" <fulldisclosure () seclists org>
> Subject: re: CSC-Cart RCE - CVE-2017-15673
>
> 1. Do you mean CS-Cart? 2. Do you understand what 'full disclosure' means? - jericho

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/