Authored by indoushka

eCart Multi Vendor eCommerce System version 1.x appears to leave a default administrative account in place post installation.

====================================================================================================================================
| # Title : eCart – Multi Vendor eCommerce System 1.x Insecure Settings Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit) |
| # Vendor : https://wrteam.in/product/ecart-multi-vendor-ecommerce-system/ |
| # Dork : "Made By WRTEAM." |
====================================================================================================================================

poc :

[+] The vulnerability is about leaving the default settings
During the installation of the script and using the default username and password

[+] Dorking İn Google Or Other Search Enggine.

[+] Use Payload : user=admin & pass=admin123

[+] https://admin.127.0.0.1.org/index.php

Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet |
|
=======================================================================================================================================