Vendor: OpenCart
By: Rires Walid
CVSS: 7.5 (HIGH)
Blind SQL Vulnerability
CWE: 89
Product Name: OpenCart
Affected Version From: v1.5.1.2
Affected Version To: v1.5.1.2
Patch Exists: YES
Related CWE: N/A
CPE: a:opencart:opencart
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2 (fr)
2011

OpenCart v1.5.1.2 <= Blind SQL Vulnerability

OpenCart v1.5.1.2 is vulnerable to blind SQL injection. The vulnerability exists due to insufficient sanitization of user-supplied input in the "path" parameter of the "index.php" script. An attacker can exploit it by sending a specially crafted HTTP request with malicious SQL code in the "path" parameter, gaining access to the database and executing arbitrary SQL commands.

Mitigation:

Upgrade to the latest version of OpenCart.
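
A detection check to run alongside the upgrade, as an added example that is not part of the original advisory or of OpenCart: it scans web access-log lines for `route=product/product` requests whose `path` or `product_id` values do not have the expected shape. The expected shapes (underscore-joined numeric ids for `path`, an integer for `product_id`), the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed shapes of legitimate values (not stated on the page):
# path = category ids joined by "_" (e.g. 20_27), product_id = integer.
EXPECTED = {
    "path": re.compile(r"\d+(_\d+)*"),
    "product_id": re.compile(r"\d+"),
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return names of path/product_id parameters holding unexpected values."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if query.get("route") != ["product/product"]:
        return []
    bad = []
    for name, pattern in EXPECTED.items():
        # parse_qs URL-decodes values, so %27 is checked as a literal quote.
        if any(not pattern.fullmatch(v) for v in query.get(name, [])):
            bad.append(name)
    return bad


def scan(lines):
    """Yield (line_number, client_ip, [param names]) for flagged log lines."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_params(match.group(1))
        if bad:
            yield number, line.split(" ", 1)[0], bad


# Constructed sample log lines; client addresses are documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Sep/2011:10:00:01 +0000] "GET /index.php?route=product/product&path=20_27&product_id=41 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Sep/2011:10:00:05 +0000] "GET /index.php?route=product/product&path=%27&product_id=[SQL] HTTP/1.1" 200 312',
    '192.0.2.10 - - [08/Sep/2011:10:00:09 +0000] "GET /index.php?route=product/category&path=20 HTTP/1.1" 200 4800',
    '203.0.113.5 - - [08/Sep/2011:10:00:12 +0000] "GET /index.php?route=product/product&path=20&product_id=41%27 HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for number, ip, params in scan(SAMPLE_LOG):
        print(f"line {number}: {ip} unexpected value in {', '.join(params)}")
```

The same allow-list patterns can be enforced at a reverse proxy or WAF in front of an instance that cannot be upgraded immediately.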

Exploit-DB raw data:

====================================================
OpenCart v1.5.1.2 <= Blind SQL Vulnerability
====================================================


# Exploit Title: OpenCart v1.5.1.2 / Blind SQL Vulnerability
# Date: 08 - 09 - 2011
# Author: Rires Walid
# Software Link: http://www.opencart.com
# Contact : http://dz4web.info
# Version: v1.5.1.2
# Google dork: Powered By OpenCart Your Store © 2011
# Tested on: Xp Sp2(fr)

[*] ## ExPLo!T: 



http://localhost/index.php?route=product/product&path=%27&product_id=[SQL]





=================================**Algerians Hackers**====================================|
# Greets To :                                                                             |
  **All Algerians Hackers** , Lagripe-Dz , HACKeR Dz ,  Sec4ever ,MMA_LORD_735,Jago_dz    |
  i-hmx , 3H34N , (1337day.com) , FoX HaCkEr , Serir W4Lid , Dz4Web.info                  |
==========================================================================================|