PHPMyShop 1.0 - 'compte.php' SQL Injection

EDB-ID:

22209


Author:

frog

Type:

webapps


Platform:

PHP

Date:

2003-02-03


source: https://www.securityfocus.com/bid/6746/info

phpMyShop, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. 

This vulnerability was reported to exist in the compte.php script file. A remote attacker can exploit this vulnerability to bypass the phpMyShop authentication/registration process.

http://[target]/compte.php?achat=1&valider=1&identifiant='%20OR%20''='&password='%20OR%20''='