PaulShop – SQL Injection

• Exploit Database
• 36 阅读

• 作者： Se0pHpHack3r
  日期： 2017-06-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/42156/

• # Exploit Title: [PaulShop CMS <= 2017-03-25 Sql Injection]
  # Date: [10-06-2017]
  # Exploit Author: [Se0pHpHack3r]
  # Vendor Homepage: [https://codecanyon.net/item/paulshop-cms-with-shopping-cart-system/18070714]
  # Version: [2017-03-25] 
  
  1. Description
  
  SQL Injection on Shipping Cost page in Cart, with "country" & "weight" parameter (GET)
  
  2. Examples
  
  http://localhost/shop/en/cart/shipping_cost?country=[SQL INJECTION HERE]
  http://localhost/shop/en/cart/shipping_cost?country=TH&weight=[SQL INJECTION HERE]