"powered by CubeCart 2.0"

• SHDB
• 1567 阅读

• 日期：2005-02-16
• 类别：
  • Advisories and Vulnerabilities
• 作者：anonymous
• 语法："powered by CubeCart 2.0"

• This search reveals an alarming number of servers running versions of Brooky CubeCart that are reported to be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied data....susceptible to a remote directory traversal vulnerability...cross-site scripting vulnerability may allow for theft of cookie-based authentication credentials or other attacks.An exploit is not required.The following proof of concept examples are available:http://www.example.com/index.php?&language=../../../../../../../../etc/passwdhttp://www.example.com/index.php?&language=var%20test_variable=31337;alert(test_variable); Vulnerability was published 2-14-2005http://www.securityfocus.com/bid/12549/