-----------------------------------------------------
Nightmare TeAmZ Advisory 007
------------------------------------------------------
Date - 10/2005
PhpShop Sql Injction

AFFECTED PRODUCTS
=================
PhpShop
http://www.virtualdimensions.co.uk

OVERVIEW
========
This is a great ecommerce solution for anyone looking to benefit from 
content management and selling on the internet. Mambo-PHPshop is an 
excellent application that is extremely user friendly. It has very nice 
features and and interface that exceeds its competition.

DETAILS
=======
1.Sql Injction
This script is possibly vulnerable to SQL Injection attacks.
An unauthenticated attacker may execute arbitrary SQL statements on the 
vulnerable system. This may compromise the integrity of your database and 
expose sensitive information

POC
===

1.
------
Sql Injection

Vulnerable Path:

www.[Host]/[Path]/index.php?nr=1&main_kat=[SQL]


Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk, Advisory by Sub_Z3r0 of Nightmare TeAmZ,

Site: http://www.NightmareTeAmZ.altervista.org

_________________________________________________________________
Comunica in tempo reale http://messenger.msn.com/beta