Posted by Fernando Camara on Sep 10
Application: CubeCart 6.0.6 > 5.2.12
Fixed: 07/09/2015 (6.0.7)
Credits: Fernando Câmara @overflowy
Title: Admin account hijacking vulnerability
Dork: inurl:”index.php?_a=”
Requirements: Default admin recovery functions enabled…
Knowledge of the admin account email
P.O.C
It's possible for an attacker to access the admin password recovery page
without a recovery email having been sent first.
admin.php?_g=recovery
The form…
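For defenders, a sketch of the server-side check a recovery form handler needs so that it only acts when a recovery email was actually issued. This is an added example, not CubeCart's code and not the fix shipped in 6.0.7; the `ResetStore` class, its method names and the sample address are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory stand-in for the admin table (illustration only).
final class ResetStore
{
    /** @var array<string, array{reset_hash: ?string, reset_expires: int}> */
    private array $rows = [];

    public function addAdmin(string $email): void
    {
        $this->rows[$email] = ['reset_hash' => null, 'reset_expires' => 0];
    }

    // Called only by the "send recovery email" step; returns the token to mail.
    public function issue(string $email, int $ttl = 900): ?string
    {
        if (!isset($this->rows[$email])) {
            return null;
        }
        $token = bin2hex(random_bytes(32));
        // Store only a hash, so a database leak does not expose usable tokens.
        $this->rows[$email] = [
            'reset_hash'    => hash('sha256', $token),
            'reset_expires' => time() + $ttl,
        ];
        return $token;
    }

    // Called by the recovery form handler before any password change.
    public function redeem(string $email, string $token): bool
    {
        $row = $this->rows[$email] ?? null;
        // No pending request must fail, whatever the form submitted.
        if ($row === null || empty($row['reset_hash']) || $token === '') {
            return false;
        }
        if (time() > $row['reset_expires']) {
            return false;
        }
        if (!hash_equals($row['reset_hash'], hash('sha256', $token))) {
            return false;
        }
        $this->rows[$email]['reset_hash'] = null; // single use
        return true;
    }
}

$store = new ResetStore();
$store->addAdmin('admin@example.test');                 // constructed sample account
var_dump($store->redeem('admin@example.test', ''));     // form posted, no email ever sent
$token = $store->issue('admin@example.test');           // recovery email step
var_dump($store->redeem('admin@example.test', $token)); // token from the email
var_dump($store->redeem('admin@example.test', $token)); // replay of the same token
```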