IG Shop 1.4 Change_Pass.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20768/info iG Shop is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the...

igshopdisp-sql.txt

|| | | iG Shop displayreview.php id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : WwW.Hussin-X.CoM | www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | script :...

iG Shop 1.4 eval Inclusion Vulnerability

!/usr/bin/perl -w use LWP::UserAgent; iG Shop 1.4 eval Inclusion Vulnerability found by IFX nyubicrew Vulnerability on page.php if !$action $action = "make"; // here the function will be called. eval "page$action;"; die "Example: perl $0 http://www.planetgolfuk.co.uk/shopn" unless @ARGV; $b =...

Sql injection

SQL injection vulnerability in shop/page.php in iGeneric iG Shop 1.4 allows remote attackers to execute arbitrary SQL commands via the typeid parameter, a different vector than CVE-2005-0537...

iG Shop 1.4 (page.php) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ========================================================= iG Shop 1.4 page.php Remote SQL Injection Vulnerability ========================================================= Discovered by: gsy & kerem125 Script Download:...

IGeneric IG Shop SQL注入漏洞

IGeneric IG Shop是一款基于PHP的WEB应用程序。 IGeneric IG Shop不正确过滤用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，获得敏感信息。 问题是'compareproduct.php'脚本对用户提交的'id'参数缺少过滤，提交恶意脚本代码作为参数数据，可导致获得敏感信息。 iGeneric iG Shop 1.0 目前没有解决方案提供： http://www.igeneric.co.uk/displayresources/resource1.html...

ig shop 1.0 - Code Execution SQL Injection

ig shop 1.0 - Code Execution SQL Injection "If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;";...

ig shop 1.0 - Code Execution / SQL Injection

"If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;"; http://127.0.0.1/igshop/page.php?action=;phpinfo;//...

CVE-2006-5631

Cross-site scripting XSS vulnerability in changepass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-56...

CVE-2006-5632

Cross-site scripting XSS vulnerability in changepass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...

PT-2006-6339 · Ig · Ig Shop

Name of the Vulnerable Software and Affected Versions: iG Shop version 1.4 Description: The issue is related to a cross-site scripting XSS vulnerability. It allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings in the change pass.php file when the action...

PT-2006-6340 · Ig · Ig Shop

Name of the Vulnerable Software and Affected Versions: iG Shop version 1.4 Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the id parameter in the change pass.php file. Recommendations: For iG Shop version 1.4, avoid using...

IG Shop 1.4 - Change_Pass.php Cross-Site Scripting

IG Shop 1.4 - ChangePass.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20768/info iG Shop is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...

IG Shop 1.4 - 'Change_Pass.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20768/info iG Shop is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in...