CVE-2007-3138
Open Solution Quick.Cart < 2.2 - Directory Traversal via sLanguage Cookie
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-3138. PoCs published by Kacper.
AI-analyzed exploit summary: This exploit targets a remotely exploitable local file inclusion vulnerability in Quick.Cart <= v2.2, allowing remote code execution by injecting malicious code into log files and leveraging the LANGUAGE cookie to include and execute it. It also includes functionality to authenticate as an admin if credentials are provided.
Description
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php.
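One way to map a language cookie to an include path without trusting its contents, as an added example (not Quick.Cart's code and not the vendor's fix). The helper name `resolveLanguageFile()`, the `<baseDir>/<code>.php` layout and the sample values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not Quick.Cart's code. Assumes language
// files are stored as <baseDir>/<code>.php, for instance lang/en.php.

function resolveLanguageFile(string $cookieValue, string $baseDir, string $default = 'en'): string
{
    // 1. Syntactic allowlist: two to five lowercase letters only, so "..",
    //    "/", "\" and NUL bytes never reach the filesystem layer.
    $code = preg_match('/\A[a-z]{2,5}\z/', $cookieValue) === 1 ? $cookieValue : $default;

    // 2. Containment check: canonicalise the path and require the result to
    //    sit directly inside the language directory.
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException('language directory missing');
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $code . '.php');
    if ($path === false || dirname($path) !== $base) {
        // Unknown language, or a symlink pointing elsewhere: fall back.
        $path = realpath($base . DIRECTORY_SEPARATOR . $default . '.php');
    }
    if ($path === false) {
        throw new RuntimeException('default language file missing');
    }
    return $path;
}

// Constructed demo: build a throwaway language directory and resolve samples.
$dir = sys_get_temp_dir() . '/qc_lang_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/en.php", "<?php // English strings\n");
file_put_contents("$dir/pl.php", "<?php // Polish strings\n");

// Constructed cookie values: valid, unknown, traversal-style, NUL, empty.
$samples = ['pl', 'en', 'de', '../config/general', "pl\0", ''];
foreach ($samples as $value) {
    printf("%-22s -> %s\n", json_encode($value), basename(resolveLanguageFile($value, $dir)));
}

// Remove the throwaway directory again.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

The caller passes only the returned path to `include`, so the raw cookie value never becomes part of a filesystem path.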