IGeneric Free Shopping Cart SQL Injection Vulnerability
BID:9771
Info
IGeneric Free Shopping Cart SQL Injection Vulnerability
| Bugtraq ID: | 9771 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2004 12:00AM |
| Updated: | Mar 01 2004 12:00AM |
| Credit: | Discovery of this issue is credited to David Sopas Ferreira <[email protected]> |
| Vulnerable: |
iGeneric Free Shopping Cart 1.4 |
| Not Vulnerable: | |
Discussion
IGeneric Free Shopping Cart SQL Injection Vulnerability
It has been reported that iGeneric Free Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters
As a result of this issue a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been conjectured that an attacker may be able to disclose user password hashes by exploiting this issue. This issue may also be leveraged to exploit latent vulnerabilities within the database itself.
It has been reported that iGeneric Free Shopping Cart is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI parameters
As a result of this issue a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It has been conjectured that an attacker may be able to disclose user password hashes by exploiting this issue. This issue may also be leveraged to exploit latent vulnerabilities within the database itself.
Exploit / POC
IGeneric Free Shopping Cart SQL Injection Vulnerability
No exploit is required to leverage this issue. The following proof of concept was provided:
page.php?page_type=catalog_products&type_id[]='[SQL-Injection]&SESSION_ID={SESSION_ID}&SESSION_ID=
No exploit is required to leverage this issue. The following proof of concept was provided:
page.php?page_type=catalog_products&type_id[]='[SQL-Injection]&SESSION_ID={SESSION_ID}&SESSION_ID=
Solution / Fix
IGeneric Free Shopping Cart SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
IGeneric Free Shopping Cart SQL Injection Vulnerability
References:
References:
- iG FREE Shopping Cart v1.4 (SystemSecure.org)
- iG Shop Product Page (iGeneric)