[VIM] [Full-disclosure] CubeCart <=3.0.14 Bind Sql Injection POC.

George A. Theall theall at tenablesecurity.com
Mon Nov 27 16:46:44 EST 2006

There was a recent announcement about a SQL injection flaw in CubeCart 
posted on Full Disclosure:


The PoC presents a web form that, when you hit "Submit", doesn't 
actually send any requests to a target but just decodes and spits out a 
string that contains, in part, "Novalok is a fucking moron". Anybody 
have an idea what the intended impact is?

theall at tenablesecurity.com

More information about the VIM mailing list