PaulShop – SQL Injection

• Exploit Database
• 192 阅读

• 作者： Se0pHpHack3r
  日期： 2017-06-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/42156/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

  # Exploit Title: [PaulShop CMS <= 2017-03-25 Sql Injection] # Date: [10-06-2017] # Exploit Author: [Se0pHpHack3r] # Vendor Homepage: [https://codecanyon.net/item/paulshop-cms-with-shopping-cart-system/18070714] # Version: [2017-03-25]   1. Description   SQL Injection on Shipping Cost page in Cart, with "country" & "weight" parameter (GET)   2. Examples   http://localhost/shop/en/cart/shipping_cost?country=[SQL INJECTION HERE] http://localhost/shop/en/cart/shipping_cost?country=TH&weight=[SQL INJECTION HERE]