CVE-2021-37823: SQL injection in the OpenCart admin backend - Extrader - Medium
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the admin backend.
Affected version: 3.0.3.7 (or < 3.0.3.7 ?)
Assume admin rights on the website backend have already been obtained.
Backend -> System -> Maintenance -> Backup/Restore -> Restore
Import a file, capture the request, and modify the file content.
Payload: INSERT INTO `opencart`.`oc_api_ip` (`api_ip_id`, `api_id`, `ip`) VALUES (5, 5, '123' or updatexml(1,concat(0x7e,(version())),0) or'');\n
If no error information is returned, time-based SQL injection can be used to achieve the same effect.
Through this vulnerability, information in the database can be obtained, or files on the server can be read through LOAD_FILE().
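A defensive check for the restore path described above, as an added example that is not part of the original post and is not OpenCart's code: a restore line is accepted only if it is a TRUNCATE, or an INSERT whose VALUES contain nothing but literals, so the payload above is rejected. The function names, the one-statement-per-line assumption and the sample rows are constructed for illustration.

```python
import re

# Assumption: a legitimate restore file holds one statement per line, either
#   TRUNCATE TABLE `t`;   or   INSERT INTO `t` (`c1`, ...) VALUES (...);
HEAD = re.compile(
    r"^(?:TRUNCATE TABLE (?:`\w+`\.)?`\w+`"
    r"|INSERT INTO (?:`\w+`\.)?`\w+` \((?:`\w+`(?:, ?)?)+\) VALUES (?P<values>.+))"
    r"\s*;$",
    re.S,
)
# A quoted MySQL string literal, allowing \' and '' escapes inside it.
STRING = re.compile(r"'(?:[^'\\]|\\.|'')*'")
# Once every string literal is collapsed to NUL, a value may only be a
# number, NULL or that NUL marker; operators and function calls do not fit.
ITEM = r"\s*(?:-?\d+(?:\.\d+)?|NULL|\x00)\s*"
TUPLE = rf"\({ITEM}(?:,{ITEM})*\)"
VALUES = re.compile(rf"^\s*{TUPLE}(?:\s*,\s*{TUPLE})*\s*$")


def is_safe_restore_statement(stmt: str) -> bool:
    """True only for TRUNCATE, or INSERT with literal-only VALUES."""
    stmt = stmt.strip()
    if "\x00" in stmt:          # the marker must not already be present
        return False
    m = HEAD.match(stmt)
    if not m:
        return False
    values = m.group("values")
    if values is None:          # TRUNCATE TABLE carries no values
        return True
    return bool(VALUES.match(STRING.sub("\x00", values)))


def rejected_lines(sql_text: str) -> list[int]:
    """1-based numbers of the non-empty lines that fail the check."""
    return [n for n, line in enumerate(sql_text.splitlines(), 1)
            if line.strip() and not is_safe_restore_statement(line)]


# Constructed sample: three ordinary rows, then the payload from this page.
SAMPLE = (
    "TRUNCATE TABLE `oc_api_ip`;\n"
    "INSERT INTO `oc_api_ip` (`api_ip_id`, `api_id`, `ip`) VALUES (1, 1, '203.0.113.7');\n"
    "INSERT INTO `oc_api_ip` (`api_ip_id`, `api_id`, `ip`) VALUES (2, 1, 'O''Brien; x');\n"
    "INSERT INTO `opencart`.`oc_api_ip` (`api_ip_id`, `api_id`, `ip`) VALUES "
    "(5, 5, '123' or updatexml(1,concat(0x7e,(version())),0) or'');\n"
)

if __name__ == "__main__":
    print("rejected lines:", rejected_lines(SAMPLE))
```

The same allowlist idea applies wherever the uploaded file is parsed before its lines reach the database: anything that is not a plain literal in the VALUES list is refused instead of executed.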
The vulnerability code is as follows