[VIM] [Full-disclosure] CubeCart <=3.0.14 Bind Sql InjectionPOC.
J. M. Seitz
jms at bughunter.ca
Mon Nov 27 16:53:01 EST 2006
Well isn't that sweet, has someone tested this out at all, aside from the
fact that it appears to be a load of shyte?
JS
-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf
Of str0ke
Sent: Monday, November 27, 2006 1:50 PM
To: Vulnerability Information Managers
Subject: Re: [VIM] [Full-disclosure] CubeCart <=3.0.14 Bind Sql
InjectionPOC.
The author stated that someone hacked his email account and sent it out to
the public.
/str0ke
On 11/27/06, George A. Theall <theall at tenablesecurity.com> wrote:
> There was a recent announcement about a SQL injection flaw in CubeCart
> posted on Full Disclosure:
>
>
> http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0386.html
>
> The PoC presents a web form that, when you hit "Submit", doesn't
> actually send any requests to a target but just decodes and spits out
> a string that contains, in part, "Novalok is a fucking moron". Anybody
> have an idea what the intended impact is?
>
> George
> --
> theall at tenablesecurity.com
>