IGeneric Free Shopping Cart 1.4 - SQL Injection

2004-03-01T00:00:00
ID EXPLOITPACK:6FB6A498232B49D19FD26E21B3880CBC
Type exploitpack
Reporter David Sopas Ferreira
Modified 2004-03-01T00:00:00

Description

IGeneric Free Shopping Cart 1.4 - SQL Injection

                                        
                                            source: https://www.securityfocus.com/bid/9771/info

It has been reported that iGeneric Free Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters

As a result of this issue a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been conjectured that an attacker may be able to disclose user password hashes by exploiting this issue. This issue may also be leveraged to exploit latent vulnerabilities within the database itself. 

page.php?page_type=catalog_products&type_id[]='[SQL-Injection]&SESSION_ID={SESSION_ID}&SESSION_ID=