CVE-2009-2255

Zen Cart <= 1.3.8a - Unauthenticated Arbitrary File Upload via record_company_image Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2255. PoCs published by BlackH.

AI-analyzed exploit summary This exploit targets a file upload vulnerability in Zen Cart 1.3.8, allowing remote code execution by uploading a malicious PHP file via the 'record_company.php' endpoint. It leverages the 'phpsploit' class to craft multipart/form-data requests and execute arbitrary commands.

Description

Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/record_company.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the record_company_image parameter in conjunction with a PATH_INFO of password_forgotten.php, then accessing this file via a direct request to the file in images/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackH · phpwebappsphp

https://www.exploit-db.com/exploits/9004

View Code ZIP pw:eip

This exploit targets a file upload vulnerability in Zen Cart 1.3.8, allowing remote code execution by uploading a malicious PHP file via the 'record_company.php' endpoint. It leverages the 'phpsploit' class to craft multipart/form-data requests and execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Zen Cart 1.3.8

No auth needed

Prerequisites: Access to the target's /admin/ directory · PHP execution environment

MITRE ATT&CK