7 lines
No EOL
567 B
Text
7 lines
No EOL
567 B
Text
source: http://www.securityfocus.com/bid/6746/info
|
|
|
|
phpMyShop, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries.
|
|
|
|
This vulnerability was reported to exist in the compte.php script file. A remote attacker can exploit this vulnerability to bypass the phpMyShop authentication/registration process.
|
|
|
|
http://[target]/compte.php?achat=1&valider=1&identifiant='%20OR%20''='&password='%20OR%20''=' |