SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote malicious users to execute arbitrary SQL commands via the formid parameter.
#!/usr/bin/perl
#
# 05/18/2008 - IGSuite 324 Blind SQL Injection - k`sOSe
#
# 05/21/2008 - Vendor notified
# 05/23/2008 - A patch was pushed via the igsuited daemon(not enabled by default)
# Fix: run igsuited --update-igsuite or upgrade to 325-beta
#
# Tested on IGSuite 324 on linux with MySQL, needs nc(in path)
# Drops a reverse shell, ...