[VIM] [Full-disclosure] CubeCart <=3.0.14 Bind Sql Injection POC.
George A. Theall
theall at tenablesecurity.com
Mon Nov 27 16:46:44 EST 2006
There was a recent announcement about a SQL injection flaw in CubeCart
posted on Full Disclosure:
http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0386.html
The PoC presents a web form that, when you hit "Submit", doesn't
actually send any requests to a target but just decodes and spits out a
string that contains, in part, "Novalok is a fucking moron". Anybody
have an idea what the intended impact is?
George
--
theall at tenablesecurity.com