Guest mediamogul Posted August 24, 2006 Share Posted August 24, 2006 hi, for some reason i keep getting the following email spam from my cube cart: A message that you sent contained no recipient addresses, and therefore no delivery could be attempted. ------ This is a copy of your message, including all the headers. ------ To: Subject: Order No: 999999%'/**/or/**/basket=(SELECT(IF((ASCII(SUBSTRING(password,3,1))=102),benchmark(2000000,sha1('suntzu')),0))/**/FROM/**/CubeCart_admin_users/**/WHERE/**/isSuper=1)/* MIME-Version: 1.0 From: PortaBling.com <[email protected]> X-Mailer: CubeCart Mailer Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit Message-ID: <[email protected]> Date: Thu, 24 Aug 2006 11:05:46 -0500 Dear , Thank you for your order no: 999999%'/**/or/**/basket=(SELECT(IF((ASCII(SUBSTRING(password,3,1))=102),benchmark(2000000,sha1('suntzu')),0))/**/FROM/**/CubeCart_admin_users/**/WHERE/**/isSuper=1)/* placed on Dec 31 1969, 18:00 PM The transaction was successful and we will ship your goods at the first possible opportunity (if applicable). ~~~~~~~~~~~~~~~~~~~~~~~~~~ Name: Subtotal: Coupon Discount: Postage & Packaging: Tax: Grand Total: ~~~~~~~~~~~~~~~~~~~~~~~~~~ Invoice Address: Shipping Address: Payment Method: Shipping Method: ~~~~~~~~~~~~~~~~~~~~~~~~~~ Order Inventory: Any thoughts would be most appreciated! Thanks! Quote Link to comment Share on other sites More sharing options...
Robsta Posted August 24, 2006 Share Posted August 24, 2006 The latest release, 3.0.12, was released to patch this vulnerability I believe. Quote Link to comment Share on other sites More sharing options...
Guest mediamogul Posted August 24, 2006 Share Posted August 24, 2006 The latest release, 3.0.12, was released to patch this vulnerability I believe. Just updated it thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.