[VIM] [Full-disclosure] CubeCart <=3.0.14 Bind Sql Injection POC.
str0ke at milw0rm.com
Mon Nov 27 16:49:37 EST 2006
The author stated that someone hacked his email account and sent it
out to the public.
On 11/27/06, George A. Theall <theall at tenablesecurity.com> wrote:
> There was a recent announcement about a SQL injection flaw in CubeCart
> posted on Full Disclosure:
> The PoC presents a web form that, when you hit "Submit", doesn't
> actually send any requests to a target but just decodes and spits out a
> string that contains, in part, "Novalok is a fucking moron". Anybody
> have an idea what the intended impact is?
> theall at tenablesecurity.com
More information about the VIM