bousalman/S-Cart-Arbitrary-File-Upload
S-Cart Arbitrary File Upload

Description

The e-commerce web application S-Cart (https://github.com/s-cart/s-cart) version 6.4.1 and prior is vulnerable to Arbitrary File Upload in the Admin Panel. Authenticated Admin Panel users can upload new files through the Editor module when adding or editing content such as News or Pages: it is possible to send an HTTP POST request with a malicious payload that contains PHP code. The uploaded file is written to the content folder and can be accessed through a GET request. The check the application currently performs on upload is not sufficient, since an attacker can bypass the MIME type check by sending a crafted image file that carries the image format's magic bytes.

Mitigation

To mitigate this issue, use the pathinfo() function to get the extension of the uploaded file and compare it against a whitelist of approved extensions.
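As an added example, not S-Cart's own code, the mitigation above in PHP: an extension allowlist built on pathinfo(), shown beside the MIME-only check that the advisory describes as bypassable. The allowlist contents and the regenerated storage name are assumptions.

```php
<?php
// Added example, not S-Cart's own code: extension allowlist via pathinfo()
// beside the MIME-only check that the advisory describes as bypassable.

// Assumed allowlist of extensions the editor may store in the content folder.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

// Extension check: case-insensitive, rejects names without an extension.
function hasAllowedExtension(string $originalName): bool
{
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, ALLOWED_EXTENSIONS, true);
}

// Weak check: content-sniffed MIME type only. A file named "x.php" whose
// first bytes are a GIF header passes this, which is the bypass described.
function mimeLooksLikeImage(string $tmpPath): bool
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    return str_starts_with((string) $finfo->file($tmpPath), 'image/');
}

// Hardened check: extension allowlist first, MIME sniffing as a second layer,
// and a regenerated storage name so the client-supplied name never reaches disk.
function validateUpload(string $originalName, string $tmpPath): ?string
{
    if (!hasAllowedExtension($originalName) || !mimeLooksLikeImage($tmpPath)) {
        return null; // reject: extension not allowlisted or content is not an image
    }
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed demo input: GIF magic bytes followed by non-image filler.
$tmp = tempnam(sys_get_temp_dir(), 'upload');
file_put_contents($tmp, "GIF89a" . str_repeat("A", 32));
var_dump(mimeLooksLikeImage($tmp));                    // MIME sniffing alone
var_dump(validateUpload('avatar.php', $tmp));           // .php name with image magic bytes
var_dump(validateUpload('avatar.gif', $tmp) !== null);  // allowlisted name, same content
unlink($tmp);
```

Because the stored name is regenerated from the allowlisted extension, a name such as "x.php.jpg" is saved under a random name ending in ".jpg" only, so no client-chosen segment of the filename reaches the content folder.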
