EIP-2026-100371

PRE-CVE

iisCart2000 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100371. PoCs published by Bosen.

AI-analyzed exploit summary This exploit leverages a file upload vulnerability in iisCart2000's upload.asp script to read sensitive files (e.g., admin credentials) from the server. It uses JScript and ActiveX to traverse directories and display file contents, demonstrating arbitrary file access.

Description

iisCart2000 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bosen · webappsasp

https://www.exploit-db.com/exploits/22697

View Code ZIP pw:eip

This exploit leverages a file upload vulnerability in iisCart2000's upload.asp script to read sensitive files (e.g., admin credentials) from the server. It uses JScript and ActiveX to traverse directories and display file contents, demonstrating arbitrary file access.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: iisCart2000

No auth needed

Prerequisites: Vulnerable iisCart2000 installation with exposed upload.asp

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026