Several security vulnerabilities in phpShop

By: iSee, Date: Sun, 19 Apr 2009, Time: 7:35 PM

The affected system:

phpShop phpShop 0.6.1-b

Detailed Description:

phpShop is a PHP-based e-commerce program designed to make it easy to extend web functionality. phpShop has several security issues; a remote attacker could exploit these vulnerabilities to attack the database, access sensitive information, and execute arbitrary script code.

The specific issues are as follows:

1. SQL injection vulnerabilities:

There is an SQL injection problem when the session is updated: malicious SQL commands can be submitted through the "page" variable to alter the original SQL logic. The same problem also exists for the "product_id" and "offset" variables.

2. User information disclosure vulnerability:

Querying the "account/shipto" module returns a large amount of customer information; a user who is logged in with a legitimate account can view it. This information includes the customer's address, company name, and so on.

3. Cross-site scripting:

A number of URI parameters lack adequate filtering of user-submitted input. Submitting data that contains malicious HTML code can trigger cross-site scripting attacks, which may expose the target user's sensitive information.

At present, the vendor has not provided a patch or upgrade.
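One way to validate the three parameters named above before they reach any SQL or HTML, as an added example that is not phpShop code or a vendor patch. The accepted formats (a module/page form for "page", decimal integers for "product_id" and "offset"), the default page "shop/index" and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not phpShop code. Accepted formats, the default page
// "shop/index" and every function name here are assumptions.

/** Return the parameter as a string, or null for array input such as page[]=x. */
function param(array $get, string $name, string $default): ?string
{
    $v = $get[$name] ?? $default;
    return is_string($v) ? $v : null;
}

/** "page" must look like module/page: lowercase letters, digits, underscore. */
function clean_page(?string $raw): ?string
{
    return $raw !== null && preg_match('#\A[a-z0-9_]{1,32}/[a-z0-9_]{1,32}\z#', $raw) === 1 ? $raw : null;
}

/** "product_id" and "offset" must be plain decimal integers of at most 9 digits. */
function clean_uint(?string $raw): ?int
{
    return $raw !== null && preg_match('/\A[0-9]{1,9}\z/', $raw) === 1 ? (int)$raw : null;
}

/** Validate all three parameters; null means the request should be refused. */
function validate_request(array $get): ?array
{
    $out = [
        'page'       => clean_page(param($get, 'page', 'shop/index')),
        'product_id' => clean_uint(param($get, 'product_id', '0')),
        'offset'     => clean_uint(param($get, 'offset', '0')),
    ];
    return in_array(null, $out, true) ? null : $out;
}

/** Escape any value echoed back into HTML (addresses the cross-site scripting issue). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests: one well-formed, two malformed.
foreach ([
    ['page' => 'shop/index', 'product_id' => '12', 'offset' => '20'],
    ['page' => "shop/index'", 'product_id' => '12'],
    ['page' => 'shop/index', 'offset' => '20 OR 1=1'],
] as $get) {
    echo h((string)json_encode($get)), ' => ', validate_request($get) === null ? 'rejected' : 'accepted', "\n";
}
```

Validated values should still be passed to the database through bound parameters rather than string concatenation, so that a gap in the format check does not reach the SQL.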

