Aimeos Laravel Ecommerce Platform 2021.10 LTS SQL Injection

2021.11.23
Credit: Ilker Burak Adiyaman
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection # Date: 20/11/2021 # Exploit Author: Ilker Burak ADIYAMAN # Vendor Homepage: https://aimeos.org # Software Link: https://aimeos.org/laravel-ecommerce-package # Version: Aimeos 2021.10 LTS # Tested on: MacOSX *Description:* The Aimeos E-Commerce framework Laravel application is vulnerable to SQL injection via the 'sort' parameter on the json api. ==================== 1. SQLi ==================== https://127.0.0.1/default/jsonapi/review?sort=-ctime The "sort" parameter is vulnerable to SQL injection, reveals table and column names. step 1 : Copy json api GET request above. step 2 : Change sort parameter value to -- ---------------------------------------------------------------------- Parameter: sort (GET) Type: error based Title: GET parameter 'sort' appears to be injectable Payload: sort=--


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top