pedala1

reup?

intr`o casa cu tovarasii si multe femei

nu ai altceva mai bun de facut? lasa ciutanii sa isi faca si ei talentu`

Multa sanatate. Craciun fericit tuturor.

1. OVERVIEW The CubeCart 4.4.6 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world. 3. VULNERABILITY DESCRIPTION Multiple parameters are not properly sanitized, which allows attacker to conduct SQL Injection attack. This could an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. 4. VERSIONS AFFECTED 4.4.6 and lower 5. Affected URLs and Parameters /admin.php (active parameter) /admin.php (cat_id parameter) /admin.php (orderCol parameter) /admin.php (orderDir parameter) 6. SOLUTION The CubeCart 4.x version family is no longer maintained by the vendor. Upgrade to the currently supported latest CubeCart version - 5.x. 7. VENDOR CubeCart Development Team eCommerce Software | CubeCart 8. CREDIT Aung Khant, YGN Ethical Hacker Group :: Security Research, YGN Ethical Hacker Group, Myanmar. 9. DISCLOSURE TIME-LINE 2012-12-22: CubeCart 4.x in End-of-Support/Maintenance circle 2012-12-24: Vulnerability disclosed Sursa: CubeCart 4.4.6 SQL Injection ? Packet Storm

1. OVERVIEW CubeCart 4.4.6 and lower versions are vulnerable to Local File Inclusion. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online store which can be used to sell digital or tangible products to new and existing customers all over the world. 3. VULNERABILITY DESCRIPTION CubeCart 4.4.6 and lower versions contain a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/admin.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'loc' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. 4. VERSIONS AFFECTED 4.4.6 and lower 5. Affected URL and Parameter /admin.php (loc parameter) /admin.php?_g=filemanager/language&loc=/../../../public_ftp/uploads/hack.inc.php 6. SOLUTION The CubeCart 4.x version family is no longer maintained by the vendor. Upgrade to the currently supported latest CubeCart version - 5.x. 7. VENDOR CubeCart Development Team eCommerce Software | CubeCart 8. CREDIT Aung Khant, YGN Ethical Hacker Group :: Security Research, YGN Ethical Hacker Group, Myanmar. 9. DISCLOSURE TIME-LINE 2012-12-22: CubeCart 4.x in End-of-Support/Maintenance circle 2012-12-24: Vulnerability disclosed Sursa: CubeCart 4.4.6 Local File Inclusion ? Packet Storm

Sa traiesti !

sunt seriosi? adica sa nu fie magari sa iti zica ca nuj ce prostie ai facut si sa iti inchida contul exact cand vrei sa scoti banii

Ia`ti un GeForce 8800GT eventual overclocked de la GIGABYTE

Foarte bun!! Multumesc

bine ai venit !

Kent8

E posibil sa nu creeze loguri pentru ca nu i`ai dat permisiune. Verifica chmod la phpurile alea

Eu as propune ca site-ul sa nu mai salveze ip-urile pentru ca astfel nu mai pot face nici legatura intre fapte si persoana. Ca se salveaza in logurile serverului asta nu cred k ar fi o problema. Acum depinde si de legislatia in vigoare dar nu cred ca poti obliga un detinator de site sa salveze ip-urile.

Haideti ca nu e chiar asa complicata. Multumim pt. loguri si data viitoare o criptare si mai si.

Asta e cumva o gluma? Sper sa fie asta ..

Inca o dovada a ceea ce crede lumea despre acest forum si despre cuvantul `hacker`

Va mai merge ?

reupload?

Cu certificatul este o problema

@wt123 adevarat. Induce pe multi in eroare.

haha ce magarie