exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CubeCart 2.0.7 Cross Site Scripting / SQL Injection

CubeCart 2.0.7 Cross Site Scripting / SQL Injection
Posted Jun 14, 2011
Authored by Shamus

CubeCart version 2.0.7 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 988a9c3a3598b0fae75a81847ac6d209b66747f1353950e522e2dca81f228937

CubeCart 2.0.7 Cross Site Scripting / SQL Injection

Change Mirror Download
# Exploit Title: CubeCart 2.0.7 XSS && Remote SQL Injection => Multiple Vulnerabilities
# Date: June, 14th 2011 [GMT +7]
# Author: Shamus
# Software Link: https://www.cubecart.com/
# Version : CubeCart 2.0.7
# Tested on: windows 7, ubuntu 11.04
# CVE : -

-----------------------------------------------------------------------------------------
CubeCart 2.0.7 XSS && Remote SQL Injection => Multiple Vulnerabilities
-----------------------------------------------------------------------------------------

Author : Shamus
Date : June, 14th 2011 [GMT +7]
Location : Solo && Jogjakarta, Indonesia
Web : https://antijasakom.net/forum
Critical Lvl : Medium
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------



Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~
Application : CubeCart
Version : CubeCart 2.0.7
Vendor : Devellion Limited of 5 Bridge Street,Bishops Stortford, HERTS. CM23 2JU (Company Registration Number 5323904)
Download : https://www.cubecart.com/site/downloads/
Description :
CubeCart is a fully featured ecommerce shopping cart solution used by over a million store owners around the world.
CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support.
With CubeCart you can quickly setup a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world.
There are a great deal of powerful features enabling your business to trade online successfully.
It is easy to modify the look and feel of your store to match your company's branding or to site comfortably beside your existing website due to CubeCart's powerful HTML template system.
Our solutions are robust, flexible, affordable and are supported by not only a profitable and stable company but a thriving community of enthusiasts who are keen to recommend it and share their ideas and experience.
To use CubeCart you will require a compatible web hosting account. If you wish to take credit/debit card payments a merchant account will be required to work with one of the supported modules.
If you have any questions about our products or services, please be sure to contact a member of staff who will be delighted to help.

--------------------------------------------------------------------------



Vulnerability:
~~~~~~~~~~~
A weakness has been discovered cubecart.
Where an attacker could exploit the gap that exists to obtain sensitive data within the database.
This may compromise the integrity of your database and/or expose sensitive information.
- The SQL injection vulnerability identified in the path "index.php", "view_cart.php" and "view_product.php".
- The XSS vulnerability identified in the path "search".


PoC/Exploit:
~~~~~~~~~
SQL injection vulnerability affects:

- https://site.com/path/index.php?cat_id=%27

- https://site.com/path/view_product.php?product=%27

- https://site.com/path/view_cart.php?add=%27


XSS vulnerability affects:

- https://site.com/path/search.php

admin page:

- https://site.com/path/admin/login.php


Dork:
~~~~
Google : inurl:"index.php?cat_id=" powered by CubeCart 2.0.7

Solution:
~~~~
- Your script should filter metacharacters from user input.
- Edit the source code to ensure that input is properly verified.


Timeline:
~~~~~~
- 12 - 06 - 2011 bug found.
- 12 - 06 - 2011 vendor contacted, but no response.
- 14 - 06 - 2011 Advisories release.

---------------------------------------------------------------------------



Shoutz:
~~~~~~
oO0::::: Greetz and Thanks: :::::0Oo.
Tuhan YME
My Parents
SPYRO_KiD
K-159
lirva32
newbie_campuz

And Also My LuvLy wife :
..::.E.Z.R (The deepest Love I'v ever had..).::..

in memorial :
1. Monique
2. Dewi S.
3. W. Devi Amelia
4. S. Anna

oO0:::A hearthy handshake to: :::0Oo
~ Crack SKY Staff
~ Echo staff
~ antijasakom staff
~ jatimcrew staff
~ whitecyber staff
~ lumajangcrew staff
~ devilzc0de staff
~ unix_dbuger, boys_rvn1609, jaqk, byz9991, bius, g4pt3k, anharku, wandi, 5yn_4ck, kiddies, bom2, untouch, antcode
~ arthemist, opt1lc, m_beben, gitulaw, luvrie, poniman_coy, ThePuzci, x-ace, newbie_z, petunia, jomblo.k, hourexs_paloer, cupucyber, kucinghitam, black_samuraixxx, ucrit_penyu, wendys182, cybermuttaqin
~ k3nz0, thomas_ipt2007, blackpaper, nakuragen, candra, dewa
~ whitehat, wenkhairu, Agoes_doubleb, diki, lumajangcrew a.k.a adwisatya a.k.a xyberbreaker, wahyu_antijasakom
~ Cruz3N, mywisdom,flyff666, gunslinger_, ketek, chaer.newbie, petimati, gonzhack, spykit, xtr0nic, N4ck0, assadotcom, Qrembiezs, d4y4x, gendenk, si bD, Jimmy Deadc0de, Rede Deadc0de
~ All people in SMAN 3
~ All members of spyrozone
~ All members of echo
~ All members of newhack
~ All members of jatimcrew
~ All members of Anti-Jasakom
~ All members of whitecyber
~ All members of Devilzc0de
~ All members of Kaskus - "Especially Regional Solo Kaskus"
#e-c-h-o, #K-elektronik, #newhack, #Solohackerlink, #YF, #defacer, #manadocoding, #jatimcrew, #antijasakom, #whitecyber, #devilzc0de
---------------------------------------------------------------------------



Contact:
~~~~~~~~
Shamus : Shamus@antijasakom.net<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>
Homepage: https://antijasakom.net/forum/viewtopic.php?f=38&t=737
-------------------------------- [ EOF ] ----------------------------------





Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close