https://www.exploit-db.com/exploits/22209
https://cxsecurity.com/issue/WLB-2007110022
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-443

myphpshop是一款小型的电子商务服务程序。myphpshop没有充分过滤用户提供的输入，远程攻击者可以利用这个漏洞提供恶意参数，使的SQL逻辑修改，未经认证访问系统。myphpshop包含的compte.php脚本文件对’identifiant’和’password’变量缺少正确过滤，攻击者提供类似”=”的SQL表达式，就可以导致修改原来系统的SQL逻辑，认为条件一直为真，结果可使远程攻击者绕过myphpshop验证/注册过程访问系统。

source: http://www.securityfocus.com/bid/6746/info

phpMyShop, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. 

This vulnerability was reported to exist in the compte.php script file. A remote attacker can exploit this vulnerability to bypass the phpMyShop authentication/registration process.

http://[target]/compte.php?achat=1&valider=1&identifiant='%20OR%20''='&password='%20OR%20''='

来源:SECTRACK
名称:1006030
链接:http://www.securitytracker.com/id?1006030
来源:BID
名称:6746
链接:http://www.securityfocus.com/bid/6746
来源:BUGTRAQ
名称:20030203phpMyShop(php)
链接:http://www.securityfocus.com/archive/1/archive/1/309921/30/26090/threaded
来源:SREASON
名称:3348
链接:http://securityreason.com/securityalert/3348
来源:SECUNIA
名称:7990
链接:http://secunia.com/advisories/7990
来源：NSFOCUS
名称：4320
链接：http://www.nsfocus.net/vulndb/4320