CVE-2013-3651 PoC — LOCKON EC-CUBE 安全漏洞

Source

https://github.com/motikan2010/CVE-2013-3651

Associated Vulnerability

Title:LOCKON EC-CUBE 安全漏洞 (CVE-2013-3651)
Description:LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SC_CheckError.php and data/class/SC_FormParam.php.

Description

CVE-2013-3651 PoC - EC-CUBE 2

Readme

# CVE-2013-3651 PoC - EC-CUBE 2

## Using

### Require

- Python 3

### Exec

```
$ python poc_cve_2013_3651.py <Target URL>

- e.g.
$ python poc_cve_2013_3651.py http://127.0.0.1:9000/
Result: Vulnerable!
```

## PoC

- 脆弱性 | ECサイト構築・リニューアルは「ECオープンプラットフォームEC-CUBE」  
https://www.ec-cube.net/info/weakness/weakness.php?id=49

## Reference

- JVNDB-2013-000062 - JVN iPedia  
https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000062.html

- ECサイト構築で多く利用されている「EC-CUBE」を用いたウェブサイトでの情報漏えい被害の増加について：IPA 独立行政法人 情報処理推進機構  
https://www.ipa.go.jp/security/announce/alert20191225.html

File Snapshot


 [4.0K]  /data/pocs/ceaefd0a5d6d7cad17e5e80271c2453d8ec66583
├── [ 911]  poc_cve_2013_3651.py
└── [ 749]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!