GHDB
GHDB
|
Google Search: “powered by CubeCart 2.0″
GIGO rates this entry 8 out of 10. Submitted: 2005-02-16 00:00:00 Added by: GIGO Hits: 4280 Score: 8 This search reveals an alarming number of servers running versions of Brooky CubeCart that are reported to be prone to multiple vulnerabilities due to insufficient sanitization of user-supplied data….susceptible to a remote directory traversal vulnerability…cross-site scripting vulnerability may allow for theft of cookie-based authentication credentials or other attacks.An exploit is not required.The following proof of concept examples are available:http://www.example.com/index.php?&language=../../../../../../../../etc/passwdhttp://www.example.com/index.php?&language=var%20test_variable=31337;alert(test_variable); Vulnerability was published 2-14-2005http://www.securityfocus.com/bid/12549/ Comments: 2005-03-16 17:11:33 (ciminit): Don’t work! The passwd isn’t show, add in the post vulnerable versions 2.0.1 and 2.0.4 search= 2.0.* intitle:”powered by CubeCart” 2005-03-16 22:21:07 (GIGO): Oh it works (etc/passwd) and all, you just have to make sure the site is still running a version less then or equal to 2.0.4, as Google’s cache may not be current. Look at this screenshot from 5-16-2005: 
2005-03-16 22:24:54 (Anonymous): 3-16-2005 *doh* 2005-03-16 23:48:16 (Anonymous): My eyes are not opened enough? Where r the passwords here ?! I see only users and domains … 2005-03-17 00:05:53 (Anonymous): The screenshot simply shows that the concept works, while the info inside etc/passwd may or may not be trivial, this type of vulnerabilty could certainly be used in other ways to perfom further enumeration of the target and in turn escalate the attack. 2005-03-18 03:27:31 (Anonymous): http://store.fightingautism.org/index.php?&language=../../../../../../../../etc/passwd 2005-12-19 20:25:43 (Anonymous): here an other one: http://mpressme.com/shop/index.php?&language=../../../../../../../../etc/passwd |
Does GHDB still updates for now?
The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.
Hi Johnny,been a while since I’ve came last. Aren’t you gonna update this website anymore???
The GHDB is not updated and lives with the exploitdb: http://http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!
Is any offline view-able resources is available of this product ?