[VIM] [Full-disclosure] CubeCart <=3.0.14 Bind Sql InjectionPOC.

J. M. Seitz jms at bughunter.ca
Mon Nov 27 16:53:01 EST 2006

Well isn't that sweet, has someone tested this out at all, aside from the
fact that it appears to be a load of shyte?


-----Original Message-----
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf
Of str0ke
Sent: Monday, November 27, 2006 1:50 PM
To: Vulnerability Information Managers
Subject: Re: [VIM] [Full-disclosure] CubeCart <=3.0.14 Bind Sql

The author stated that someone hacked his email account and sent it out to
the public.


On 11/27/06, George A. Theall <theall at tenablesecurity.com> wrote:
> There was a recent announcement about a SQL injection flaw in CubeCart 
> posted on Full Disclosure:
> http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0386.htm
> l
> The PoC presents a web form that, when you hit "Submit", doesn't 
> actually send any requests to a target but just decodes and spits out 
> a string that contains, in part, "Novalok is a fucking moron". Anybody 
> have an idea what the intended impact is?
> George
> --
> theall at tenablesecurity.com

More information about the VIM mailing list