CS-Cart - Local File Inclusion

By kannthu

Severity: High
Vidoc Module
Tags: #cscart #lfi
Description

What is "CS-Cart - Local File Inclusion"?

The "CS-Cart - Local File Inclusion" module detects a local file inclusion (LFI) vulnerability in CS-Cart, an e-commerce platform that allows users to create and manage online stores. LFI vulnerabilities can allow remote unauthenticated attackers to access locally stored files and reveal their content. The severity of this vulnerability is classified as high, with a CVSS score of 7.5.

This module was authored by 0x_Akoko.

Impact

Successful exploitation of the local file inclusion vulnerability in CS-Cart can lead to unauthorized access to sensitive files stored on the server. This can expose sensitive information such as configuration files, user credentials, or other confidential data. Attackers may leverage this vulnerability to gain further access to the system or launch additional attacks.

How does the module work?

The "CS-Cart - Local File Inclusion" module works by sending HTTP requests to the CS-Cart software with specific parameters that exploit the LFI vulnerability. One example of such a request is:

GET /classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../../../../../../../../../etc/passwd%00

This request attempts to access the "/etc/passwd" file by manipulating the "classes_dir" parameter. The module then applies matching conditions to determine if the vulnerability is present. The matching conditions include:

- A regular expression match that looks for the presence of the "root" user in the retrieved file content.
- A status code match that checks if the HTTP response status is 200 (indicating a successful request).

If both matching conditions are met, the module reports the vulnerability.
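Seen from the server side, the probe described above leaves a recognizable entry in the web server's access log. The following is an added example, not part of the Vidoc module or of CS-Cart: it scans combined-format log lines for requests to class.cs_phpmailer.php whose classes_dir parameter decodes to a traversal sequence, absolute path or NUL byte. The function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line and status in a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
TARGET_SCRIPT = "class.cs_phpmailer.php"

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?dispatch=products.view HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /classes/phpmailer/class.cs_phpmailer.php'
    '?classes_dir=../../../../etc/passwd%00 HTTP/1.1" 200 1432',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /classes/phpmailer/class.cs_phpmailer.php'
    '?classes_dir=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 312',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /classes/phpmailer/class.cs_phpmailer.php HTTP/1.1" 403 199',
]

def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded traversal is still visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_lfi_probes(log_lines):
    """Return (line_number, status, decoded classes_dir) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not unquote(url.path).lower().endswith(TARGET_SCRIPT):
            continue
        # parse_qs decodes once; fully_unquote handles further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("classes_dir", []):
            value = fully_unquote(raw)
            if "../" in value or "..\\" in value or "\x00" in value or value.startswith("/"):
                hits.append((number, int(match.group("status")), value))
    return hits

if __name__ == "__main__":
    # Status 200 meets one of the module's two conditions; the body is not logged,
    # so such hits need follow-up rather than being proof of disclosure.
    for number, status, value in find_lfi_probes(SAMPLE_LOG):
        print(f"line {number}: status={status} classes_dir={value!r}")
```

Hits that returned status 200 deserve priority review, since that is one of the two conditions the module checks before reporting.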

For more information, please refer to the module's reference.

Module preview

Concurrent Requests (1)

1. HTTP Request template: GET /classes/phpmailer/c...

Matching conditions:
- regex: root:.*:0:0:
- and
- status: 200

Passive global matcher: No matching conditions.

On match action: Report vulnerability