Lively Cart – SQL Injection - 体验盒子

作者： Manish Tanwar
日期： 2015-06-19
类别：
webapps
平台：
multiple
来源：https://www.exploit-db.com/exploits/37325/
##################################################################################################
#Exploit Title : Lively cart SQL Injection vulnerability
#Author: Manish Kishan Tanwar AKA error1046
#Vendor Link : http://codecanyon.net/item/livelycart-a-jquery-php-store-shop/5531393
#Date: 18/06/2015
#Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi
#Discovered At : Indishell Lab
##################################################################################################

////////////////////////
/// Overview:
////////////////////////


Lively cart is shping cart script and search parameter(search_query) in not filtering user supplied data and hence affected from SQL injection vulnerability 

///////////////////////////////
// Vulnerability Description:
///////////////////////////////
vulnerability is due to search_query GET parameter 

////////////////
///POC ////
///////////////


http://SERVER/1.2.0/product/search?search_query='


 --==[[ Greetz To ]]==--
############################################################################################
#Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba, 
#Silent poison India,Magnum sniper,ethicalnoob Indishell,Reborn India,L0rd Crus4d3r,cool toad,
#Hackuin,Alicks,mike waals,Suriya Prakash, cyber gladiator,Cyber Ace,Golden boy INDIA,
#Ketan Singh,AR AR,saad abbasi,Minhal Mehdi ,Raj bhai ji ,Hacking queen,lovetherisk,Bikash Dash
#############################################################################################
 --==[[Love to]]==--
# My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,
#Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Jagriti,Salty and Don(Deepika kaushik)
 --==[[ Special Fuck goes to ]]==--
<3suriya Cyber Tyson <3