Vendor: ECommerceMajor
By: Rahul Pratap Singh
CVSS: 9.8 CRITICAL
CWE: 89 (SQL Injection)
Product Name: ECommerceMajor
Affected Version From: 1.0
Affected Version To: 1.2
Patch Exists: Yes
Related CWE: CVE-2015-8271
CPE: a:ecommercemajor:ecommercemajor:1.0
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2015

ECommerceMajor SQL Injection Vulnerability

The 'prodid' field in productdtl.php is not properly sanitized, which leads to a SQL injection vulnerability.

Mitigation:

Input validation and proper sanitization of user input are the best way to prevent SQL injection.

Exploit-DB raw data:

#Exploit Title      : ECommerceMajor SQL Injection Vulnerability
#Exploit Author  : Rahul Pratap Singh
#Date                 : 13/Dec/2015
#Home page Link  : https://github.com/xlinkerz/ecommerceMajor
#Website            : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94

1. Description

"prodid" field in productdtl.php is not properly sanitized, that leads to
SQL Injection Vulnerability.

2. Vulnerable Code:

line 14 to 28

<?php
// $_GET[prodid] is interpolated into the SQL text unquoted and unescaped
$getallproduct="select * from purchase where id=$_GET[prodid] order by id desc";
$getallproductresult=mysql_query($getallproduct);
$getallproducttotal=mysql_num_rows($getallproductresult);

3. POC

http://127.0.0.1/ecommercemajor/productdtl.php?prodid=SQLI
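
The mitigation applied to the query from productdtl.php, as an added example that is not part of the original advisory or the ECommerceMajor code base: prodid is validated as a positive integer and then bound as a typed parameter. It assumes PDO in place of the page's mysql_* calls; the helper names parse_prodid and fetch_product and the in-memory SQLite table are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not ECommerceMajor code. Assumptions: PDO replaces the page's
// mysql_* calls; parse_prodid()/fetch_product() are hypothetical helper names;
// the in-memory SQLite table and its rows are constructed sample data.

/** Accept prodid only as a positive integer; anything else yields null. */
function parse_prodid($raw): ?int
{
    if (!is_string($raw)) {          // missing parameter or array (?prodid[]=1)
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Same query as productdtl.php, with the id bound as a typed parameter. */
function fetch_product(PDO $db, int $prodid): array
{
    $stmt = $db->prepare('SELECT * FROM purchase WHERE id = :id ORDER BY id DESC');
    $stmt->bindValue(':id', $prodid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-in for the shop database so the script runs offline with
// the PHP CLI; in the application this would be a PDO connection to MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE purchase (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO purchase (id, name) VALUES (1, 'sample item A'), (2, 'sample item B')");

// 'SQLI' is the placeholder from the PoC URL; it is rejected before any SQL runs.
foreach (['2', 'SQLI', '', null] as $raw) {
    $prodid = parse_prodid($raw);
    if ($prodid === null) {
        echo var_export($raw, true), " => rejected (the web page would answer HTTP 400)\n";
        continue;
    }
    $rows = fetch_product($db, $prodid);
    echo var_export($raw, true), ' => ', count($rows), " row(s)\n";
}
```

The bound parameter is what closes the injection; the integer check is defense in depth and gives the page a clean way to reject malformed requests.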