source: http://www.securityfocus.com/bid/6746/info phpMyShop, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This vulnerability was reported to exist in the compte.php script file. A remote attacker can exploit this vulnerability to bypass the phpMyShop authentication/registration process. http://[target]/compte.php?achat=1&valider=1&identifiant='%20OR%20''='&password='%20OR%20''='
Related ExploitsTrying to match CVEs (1): CVE-2003-1532
Trying to match OSVDBs (1): 40592
Other Possible E-DB Search Terms: PHPMyShop 1.0, PHPMyShop
|2010-10-01||phpMyShopping 1.0.1505 - Multiple Vulnerabilities||Metropolis|