CubeCart 2.0.7 XSS && Remote SQL Injection => Multiple Vulnerabilities

2011.06.14
Credit: Shamus
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: CubeCart 2.0.7 XSS && Remote SQL Injection => Multiple Vulnerabilities # Date: June, 14th 2011 [GMT +7] # Author: Shamus # Software Link: http://www.cubecart.com/ # Version : CubeCart 2.0.7 # Tested on: windows 7, ubuntu 11.04 # CVE : - ----------------------------------------------------------------------------------------- CubeCart 2.0.7 XSS && Remote SQL Injection => Multiple Vulnerabilities ----------------------------------------------------------------------------------------- Author : Shamus Date : June, 14th 2011 [GMT +7] Location : Solo && Jogjakarta, Indonesia Web : http://antijasakom.net/forum Critical Lvl : Medium Impact : Exposure of sensitive information Where : From Remote --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : CubeCart Version : CubeCart 2.0.7 Vendor : Devellion Limited of 5 Bridge Street,Bishops Stortford, HERTS. CM23 2JU (Company Registration Number 5323904) Download : http://www.cubecart.com/site/downloads/ Description : CubeCart is a fully featured ecommerce shopping cart solution used by over a million store owners around the world. CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world. There are a great deal of powerful features enabling your business to trade online successfully. It is easy to modify the look and feel of your store to match your company's branding or to site comfortably beside your existing website due to CubeCart's powerful HTML template system. Our solutions are robust, flexible, affordable and are supported by not only a profitable and stable company but a thriving community of enthusiasts who are keen to recommend it and share their ideas and experience. To use CubeCart you will require a compatible web hosting account. If you wish to take credit/debit card payments a merchant account will be required to work with one of the supported modules. If you have any questions about our products or services, please be sure to contact a member of staff who will be delighted to help. -------------------------------------------------------------------------- Vulnerability: ~~~~~~~~~~~~ A weakness has been discovered cubecart. Where an attacker could exploit the gap that exists to obtain sensitive data within the database. This may compromise the integrity of your database and/or expose sensitive information. - The SQL injection vulnerability identified in the path "index.php", "view_cart.php" and "view_product.php". - The XSS vulnerability identified in the path "search". PoC/Exploit: ~~~~~~~~~~ SQL injection vulnerability affects: - http://site.com/path/index.php?cat_id=%27 - http://site.com/path/view_product.php?product=%27 - http://site.com/path/view_cart.php?add=%27 XSS vulnerability affects: - http://site.com/path/search.php admin page: - http://site.com/path/admin/login.php Dork: ~~~~~ Google : inurl:"index.php?cat_id=" powered by CubeCart 2.0.7 Solution: ~~~~~ - Your script should filter metacharacters from user input. - Edit the source code to ensure that input is properly verified. Timeline: ~~~~~~~ - 12 - 06 - 2011 bug found. - 12 - 06 - 2011 vendor contacted, but no response. - 14 - 06 - 2011 Advisories release. --------------------------------------------------------------------------- Shoutz: ~~~~~~~ oO0::::: Greetz and Thanks: :::::0Oo. Tuhan YME My Parents SPYRO_KiD K-159 lirva32 newbie_campuz And Also My LuvLy wife : ..::.E.Z.R (The deepest Love I'v ever had..).::.. in memorial : 1. Monique 2. Dewi S. 3. W. Devi Amelia 4. S. Anna oO0:::A hearthy handshake to: :::0Oo ~ Crack SKY Staff ~ Echo staff ~ antijasakom staff ~ jatimcrew staff ~ whitecyber staff ~ lumajangcrew staff ~ devilzc0de staff ~ unix_dbuger, boys_rvn1609, jaqk, byz9991, bius, g4pt3k, anharku, wandi, 5yn_4ck, kiddies, bom2, untouch, antcode ~ arthemist, opt1lc, m_beben, gitulaw, luvrie, poniman_coy, ThePuzci, x-ace, newbie_z, petunia, jomblo.k, hourexs_paloer, cupucyber, kucinghitam, black_samuraixxx, ucrit_penyu, wendys182, cybermuttaqin ~ k3nz0, thomas_ipt2007, blackpaper, nakuragen, candra, dewa ~ whitehat, wenkhairu, Agoes_doubleb, diki, lumajangcrew a.k.a adwisatya a.k.a xyberbreaker, wahyu_antijasakom ~ Cruz3N, mywisdom,flyff666, gunslinger_, ketek, chaer.newbie, petimati, gonzhack, spykit, xtr0nic, N4ck0, assadotcom, Qrembiezs, d4y4x, gendenk, si bD, Jimmy Deadc0de, Rede Deadc0de ~ All people in SMAN 3 ~ All members of spyrozone ~ All members of echo ~ All members of newhack ~ All members of jatimcrew ~ All members of Anti-Jasakom ~ All members of whitecyber ~ All members of Devilzc0de ~ All members of Kaskus - "Especially Regional Solo Kaskus" #e-c-h-o, #K-elektronik, #newhack, #Solohackerlink, #YF, #defacer, #manadocoding, #jatimcrew, #antijasakom, #whitecyber, #devilzc0de --------------------------------------------------------------------------- Contact: ~~~~~~~~~ Shamus : Shamus@antijasakom.net Homepage: https://antijasakom.net/forum/viewtopic.php?f=38&t=737 -------------------------------- [ EOF ] ----------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top