CVE-2024-26521 PoC — CE Phoenix Cart 安全漏洞

Source

https://github.com/hackervegas001/CVE-2024-26521

Associated Vulnerability

Title:CE Phoenix Cart 安全漏洞 (CVE-2024-26521)
Description:HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.

Description

Html Injection vulnearbility in CE-Phoenix-v1.0.8.20 where malicious HTML code is inserted into a website. This can lead to a variety of issues, from minor website defacement to serious data breaches.

Readme

# CVE-2024-26521
CE-Phoenix-v1.0.8.20
Html Injection vulnearbility

# Login Page
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/fdcac5f4-be7a-4c11-9cf7-035dbc44e3d9)

As we can see there is a login page that anyone can understand there is a HTML injection vulnerability are there in this application.

![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/2ddaa0eb-fd7f-4351-9710-de0483a48635)

Basically in this application all php save in this location as you can see the image given below!

![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/9511197e-674e-40d3-ac6b-c3d093e6a43e)

# HTML Injection codes
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/7b0ecb0c-852c-418b-b442-36dd7221c1d1)

# PoC - Proof of concept image 
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/34c0de44-4085-44d9-8d05-edbcd6fcfb37)

# Payloads
payloads.txt

# PoC Video

https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/a7e8c1a1-a0e6-412a-ab91-da4d3974db77

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!