143 lines
No EOL
5.2 KiB
Text
143 lines
No EOL
5.2 KiB
Text
# Exploit Title: CubeCart 2.0.7 XSS && Remote SQL Injection => Multiple Vulnerabilities
|
|
# Date: June, 14th 2011 [GMT +7]
|
|
# Author: Shamus
|
|
# Software Link: http://www.cubecart.com/
|
|
# Version : CubeCart 2.0.7
|
|
# Tested on: windows 7, ubuntu 11.04
|
|
# CVE : -
|
|
|
|
-----------------------------------------------------------------------------------------
|
|
CubeCart 2.0.7 XSS && Remote SQL Injection => Multiple Vulnerabilities
|
|
-----------------------------------------------------------------------------------------
|
|
|
|
Author : Shamus
|
|
Date : June, 14th 2011 [GMT +7]
|
|
Location : Solo && Jogjakarta, Indonesia
|
|
Web : http://antijasakom.net/forum
|
|
Critical Lvl : Medium
|
|
Impact : Exposure of sensitive information
|
|
Where : From Remote
|
|
---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
Affected software description:
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Application : CubeCart
|
|
Version : CubeCart 2.0.7
|
|
Vendor : Devellion Limited of 5 Bridge Street,Bishops Stortford, HERTS. CM23 2JU (Company Registration Number 5323904)
|
|
Download : http://www.cubecart.com/site/downloads/
|
|
Description :
|
|
CubeCart is a fully featured ecommerce shopping cart solution used by over a million store owners around the world.
|
|
CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support.
|
|
With CubeCart you can quickly setup a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world.
|
|
There are a great deal of powerful features enabling your business to trade online successfully.
|
|
It is easy to modify the look and feel of your store to match your company's branding or to site comfortably beside your existing website due to CubeCart's powerful HTML template system.
|
|
Our solutions are robust, flexible, affordable and are supported by not only a profitable and stable company but a thriving community of enthusiasts who are keen to recommend it and share their ideas and experience.
|
|
To use CubeCart you will require a compatible web hosting account. If you wish to take credit/debit card payments a merchant account will be required to work with one of the supported modules.
|
|
If you have any questions about our products or services, please be sure to contact a member of staff who will be delighted to help.
|
|
|
|
--------------------------------------------------------------------------
|
|
|
|
|
|
|
|
Vulnerability:
|
|
~~~~~~~~~~~~
|
|
A weakness has been discovered cubecart.
|
|
Where an attacker could exploit the gap that exists to obtain sensitive data within the database.
|
|
This may compromise the integrity of your database and/or expose sensitive information.
|
|
- The SQL injection vulnerability identified in the path "index.php", "view_cart.php" and "view_product.php".
|
|
- The XSS vulnerability identified in the path "search".
|
|
|
|
|
|
PoC/Exploit:
|
|
~~~~~~~~~~
|
|
SQL injection vulnerability affects:
|
|
|
|
- http://site.com/path/index.php?cat_id=%27
|
|
|
|
- http://site.com/path/view_product.php?product=%27
|
|
|
|
- http://site.com/path/view_cart.php?add=%27
|
|
|
|
|
|
XSS vulnerability affects:
|
|
|
|
- http://site.com/path/search.php
|
|
|
|
admin page:
|
|
|
|
- http://site.com/path/admin/login.php
|
|
|
|
|
|
Dork:
|
|
~~~~~
|
|
Google : inurl:"index.php?cat_id=" powered by CubeCart 2.0.7
|
|
|
|
Solution:
|
|
~~~~~
|
|
- Your script should filter metacharacters from user input.
|
|
- Edit the source code to ensure that input is properly verified.
|
|
|
|
|
|
Timeline:
|
|
~~~~~~~
|
|
- 12 - 06 - 2011 bug found.
|
|
- 12 - 06 - 2011 vendor contacted, but no response.
|
|
- 14 - 06 - 2011 Advisories release.
|
|
|
|
---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
Shoutz:
|
|
~~~~~~~
|
|
oO0::::: Greetz and Thanks: :::::0Oo.
|
|
Tuhan YME
|
|
My Parents
|
|
SPYRO_KiD
|
|
K-159
|
|
lirva32
|
|
newbie_campuz
|
|
|
|
And Also My LuvLy wife :
|
|
..::.E.Z.R (The deepest Love I'v ever had..).::..
|
|
|
|
in memorial :
|
|
1. Monique
|
|
2. Dewi S.
|
|
3. W. Devi Amelia
|
|
4. S. Anna
|
|
|
|
oO0:::A hearthy handshake to: :::0Oo
|
|
~ Crack SKY Staff
|
|
~ Echo staff
|
|
~ antijasakom staff
|
|
~ jatimcrew staff
|
|
~ whitecyber staff
|
|
~ lumajangcrew staff
|
|
~ devilzc0de staff
|
|
~ unix_dbuger, boys_rvn1609, jaqk, byz9991, bius, g4pt3k, anharku, wandi, 5yn_4ck, kiddies, bom2, untouch, antcode
|
|
~ arthemist, opt1lc, m_beben, gitulaw, luvrie, poniman_coy, ThePuzci, x-ace, newbie_z, petunia, jomblo.k, hourexs_paloer, cupucyber, kucinghitam, black_samuraixxx, ucrit_penyu, wendys182, cybermuttaqin
|
|
~ k3nz0, thomas_ipt2007, blackpaper, nakuragen, candra, dewa
|
|
~ whitehat, wenkhairu, Agoes_doubleb, diki, lumajangcrew a.k.a adwisatya a.k.a xyberbreaker, wahyu_antijasakom
|
|
~ Cruz3N, mywisdom,flyff666, gunslinger_, ketek, chaer.newbie, petimati, gonzhack, spykit, xtr0nic, N4ck0, assadotcom, Qrembiezs, d4y4x, gendenk, si bD, Jimmy Deadc0de, Rede Deadc0de
|
|
~ All people in SMAN 3
|
|
~ All members of spyrozone
|
|
~ All members of echo
|
|
~ All members of newhack
|
|
~ All members of jatimcrew
|
|
~ All members of Anti-Jasakom
|
|
~ All members of whitecyber
|
|
~ All members of Devilzc0de
|
|
~ All members of Kaskus - "Especially Regional Solo Kaskus"
|
|
#e-c-h-o, #K-elektronik, #newhack, #Solohackerlink, #YF, #defacer, #manadocoding, #jatimcrew, #antijasakom, #whitecyber, #devilzc0de
|
|
---------------------------------------------------------------------------
|
|
|
|
|
|
|
|
Contact:
|
|
~~~~~~~~~
|
|
Shamus : Shamus@antijasakom.net
|
|
Homepage: https://antijasakom.net/forum/viewtopic.php?f=38&t=737
|
|
-------------------------------- [ EOF ] ---------------------------------- |