bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/16113.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

18 lines
No EOL
672 B
Text
Raw Permalink Blame History

This is a bug on old oscommerce / creloaded i just didn't find it in the
exploit-db database on the search.
# Exploit Title: OsCommerce/Creloaded tell a friend authentication bypass
# Date: 04/02/2010
# Author: Nicolas Krassas
# Version: $Id: tell_a_friend.php,v 1.1.1.1 2008/06/29 23:38:03
# Tested on: linux
When /tell_a_friend.php is called directly the user is redirected at
/product_info.php?products_id=0 where an access denied message is displayed.
Providing a valid product id (eg.
/tell_a_friend.php?action=process&products_id=[Product_id] ) though a guest
user can bypass the restriction and send unsolicited mails through the
system.
Regards,
Nicolas Krassas
Reference in a new issue View git blame Copy permalink