[VIM] [Full-disclosure] CubeCart <=3.0.14 Bind Sql Injection POC.

str0ke str0ke at milw0rm.com
Mon Nov 27 16:49:37 EST 2006


The author stated that someone hacked his email account and sent it
out to the public.

/str0ke

On 11/27/06, George A. Theall <theall at tenablesecurity.com> wrote:
> There was a recent announcement about a SQL injection flaw in CubeCart
> posted on Full Disclosure:
>
>    http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0386.html
>
> The PoC presents a web form that, when you hit "Submit", doesn't
> actually send any requests to a target but just decodes and spits out a
> string that contains, in part, "Novalok is a fucking moron". Anybody
> have an idea what the intended impact is?
>
> George
> --
> theall at tenablesecurity.com
>

