CubeCart 3.0.4 – SQL Injection

Exploit Database
4 阅读

作者： Dr.NeT

日期： 2010-12-23
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15816/

/////////////////((<? Dr.NeT @ Abdullah hacker team))//////////////
///
///#Title: CubeCart 3.0.4 <= SQL injection Vulnerabilities 
///
///#Script : CubeCart 3.0.4
///
///#Language : Php
///
///#Download : http://www.cubecart.com/
///
///#Date : 2010/12/23
///
///#Version: 3.0.4
///
///#Dork : "Powered by CubeCart 3.0.4"
///
///#info : Dr.NeT @ Abdullah hacker team : xdr.netx@gmail.com
///
//////////////////////////////////////////////////////////////////
///
///$$ Exploit -
///
/// http://loaclhost/index.php?_a=viewProd&productId=(SQL injection)
///
///@@ admin page 
/// 
///@@ http://loaclhost/admin
///
///
///
///
/// Greetz : Sport Evel , MR.bng ,Black Cobra,Abdullah hacker team,Mn7rf hacker, Mr.MoDaMeR,all muslam hackers
/// ::: exit :::
/////////////////((Dr.NeT @ Abdullah hacker team?>))//////////////

last Exploits
CubeCart 3.0.4 – SQL Injection的更多信息

Teracom Modem T2-B-Gawv1.4U10Y-BI – Cross-Site Request Forgery：
Life Insurance Management System 1.0 – ‘client_id’ SQL Injection：
Budget and Expense Tracker System 1.0 – Remote Code Execution (RCE) (Unauthenticated)：
OpenEMR 5.0.1.3 – ‘manage_site_files’ Remote Code Execution (Authenticated)：
Advanced Comment System 1.0 – ‘ACS_path’ Path Traversal：
eyeOS 1.9.0.2 – Image File Handling HTML Injection：
Joomla! Component com_products – ‘intCategoryId’ SQL Injection：
userSpice 4.3.24 – ‘X-Forwarded-For’ Cross-Site Scripting：