Headline
BootCommerce 3.2.1 SQL Injection
BootCommerce version 3.2.1 suffers from a remote SQL injection vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐││ C r a C k E r ┌┘┌┘ T H E C R A C K O F E T E R N A L M I G H T ││└───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ [ Vulnerability ] ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: Author : CraCkEr :│ Website : https://www.mrplugins.it/bootcommerce/ ││ Vendor : MrPlugins ││ Software : BootCommerce 3.2.1 ││ Vuln Type: SQL Injection ││ Impact : Database Access ││ ││────────────────────────────────────────────────────────────────────────────────────────││ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘: :│ Release Notes: ││ ═════════════ ││ ││ SQL injection attacks can allow unauthorized access to sensitive data, modification of ││ data and crash the application or make it unavailable, leading to lost revenue and ││ damage to a company's reputation. ││ │┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL CryptoJob (Twitter) twitter.com/CryptozJob ┌┌───────────────────────────────────────────────────────────────────────────────────────┐┌┘ © CraCkEr 2023 ┌┘└───────────────────────────────────────────────────────────────────────────────────────┘┘Path: /bootcommerce/content/products/Books/?p=1&prc=5,12&of=falseGET parameter 'prc' is vulnerable to SQLIhttps://www.target.com/bootcommerce/content/products/Books/?p=1&prc=5,12[Inject-HERE]&of=false[-] Done