|
If you were logged in you would be able to see more operations.
|
|
|
|
Manipulation of the 'DOB' Variable on create_account.php can cause information disclosure:
In this example the POST variable 'DOB' has been set to: foobar
POST /oscommerce/create_account.php HTTP/1.0
action=process&gender=m&firstname=johne&lastname=smith&dob=foobar&email_address=email@address.com&company=foobar&street_address=foobar&suburb=foobar&postcode=foobar&city=foobar&state=foobar&country=1&telephone123456789&fax=123456789&newsletter=on&password=foobar&confirmation=foobar
Result:
Warning: checkdate() expects parameter 3 to be long, string given in /var/www/oscommerce/create_account.php on line 80
|
|
Description
|
Manipulation of the 'DOB' Variable on create_account.php can cause information disclosure:
In this example the POST variable 'DOB' has been set to: foobar
POST /oscommerce/create_account.php HTTP/1.0
action=process&gender=m&firstname=johne&lastname=smith&dob=foobar&email_address=email@address.com&company=foobar&street_address=foobar&suburb=foobar&postcode=foobar&city=foobar&state=foobar&country=1&telephone123456789&fax=123456789&newsletter=on&password=foobar&confirmation=foobar
Result:
Warning: checkdate() expects parameter 3 to be long, string given in /var/www/oscommerce/create_account.php on line 80 |
Show » |
|
|
Bug
Closed
Major
Information Disclosure