[VIM] [Full-disclosure] CubeCart <=3.0.14 Bind Sql InjectionPOC.
J. M. Seitz
jms at bughunter.ca
Mon Nov 27 16:53:01 EST 2006
Well isn't that sweet, has someone tested this out at all, aside from the
fact that it appears to be a load of shyte?
From: vim-bounces at attrition.org [mailto:vim-bounces at attrition.org] On Behalf
Sent: Monday, November 27, 2006 1:50 PM
To: Vulnerability Information Managers
Subject: Re: [VIM] [Full-disclosure] CubeCart <=3.0.14 Bind Sql
The author stated that someone hacked his email account and sent it out to
On 11/27/06, George A. Theall <theall at tenablesecurity.com> wrote:
> There was a recent announcement about a SQL injection flaw in CubeCart
> posted on Full Disclosure:
> The PoC presents a web form that, when you hit "Submit", doesn't
> actually send any requests to a target but just decodes and spits out
> a string that contains, in part, "Novalok is a fucking moron". Anybody
> have an idea what the intended impact is?
> theall at tenablesecurity.com
More information about the VIM