CVE-2012-0865

CubeCart < 3.0.20 - Open Redirect via switch.php r Parameter or admin/login.php goto Parameter


Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-0865. PoCs published by Aung Khant.

AI-analyzed exploit summary: The exploit describes a URI-redirection vulnerability in CubeCart due to improper input sanitization. It provides example URLs demonstrating how an attacker could redirect users to malicious sites via the 'redir' parameter.

Description

Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Aung Khant · text · webapps · php
https://www.exploit-db.com/exploits/36685

The exploit describes a URI-redirection vulnerability in CubeCart due to improper input sanitization. It provides example URLs demonstrating how an attacker could redirect users to malicious sites via the 'redir' parameter.

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: CubeCart 3.0.20
No auth needed
Prerequisites: Access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Aung Khant · text · webapps · php
https://www.exploit-db.com/exploits/36687

The provided text describes a URI-redirection vulnerability in CubeCart 3.0.20, where unsanitized user input in the 'switch.php' script allows redirection to arbitrary domains. This can be exploited for phishing or other attacks.

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: CubeCart 3.0.20
No auth needed
Prerequisites: Access to the vulnerable CubeCart instance
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Aung Khant · text · webapps · php
https://www.exploit-db.com/exploits/36686

The exploit describes a URI-redirection vulnerability in CubeCart 3.0.20 due to improper input sanitization in the 'goto' parameter. An attacker can craft a malicious URL to redirect users to an arbitrary domain, aiding in phishing attacks.

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: CubeCart 3.0.20
No auth needed
Prerequisites: Access to the target application's login page
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/02/13/5
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/02/18/1
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/02/12/4
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/79140
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-02/0058.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/79141
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1026711
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51966

Scores

EPSS 0.0296
EPSS Percentile 85.4%

Details

CWE: CWE-20
Status: published
Products (21)
cubecart/cubecart 3.0.0
cubecart/cubecart 3.0.1
cubecart/cubecart 3.0.2
cubecart/cubecart 3.0.3
cubecart/cubecart 3.0.4
cubecart/cubecart 3.0.5
cubecart/cubecart 3.0.6
cubecart/cubecart 3.0.7
cubecart/cubecart 3.0.8
cubecart/cubecart 3.0.9
... and 11 more
Published Feb 21, 2012
Tracked Since Feb 18, 2026