phpshopSQL.txt

2005-10-12T00:00:00
ID PACKETSTORM:40653
Type packetstorm
Reporter BiPi_HaCk
Modified 2005-10-12T00:00:00

Description

                                        
                                            `-----------------------------------------------------  
Nightmare TeAmZ Advisory 007  
------------------------------------------------------  
Date - 10/2005  
PhpShop Sql Injction  
  
AFFECTED PRODUCTS  
=================  
PhpShop  
http://www.virtualdimensions.co.uk  
  
OVERVIEW  
========  
This is a great ecommerce solution for anyone looking to benefit from   
content management and selling on the internet. Mambo-PHPshop is an   
excellent application that is extremely user friendly. It has very nice   
features and and interface that exceeds its competition.  
  
DETAILS  
=======  
1.Sql Injction  
This script is possibly vulnerable to SQL Injection attacks.  
An unauthenticated attacker may execute arbitrary SQL statements on the   
vulnerable system. This may compromise the integrity of your database and   
expose sensitive information  
  
POC  
===  
  
1.  
------  
Sql Injection  
  
Vulnerable Path:  
  
www.[Host]/[Path]/index.php?nr=1&main_kat=[SQL]  
  
  
Credits  
=======  
This vulnerability was discovered and researched by  
BiPi_HaCk, Advisory by Sub_Z3r0 of Nightmare TeAmZ,  
  
Site: http://www.NightmareTeAmZ.altervista.org  
  
_________________________________________________________________  
Comunica in tempo reale http://messenger.msn.com/beta  
`