Exploits / Vulnerability Discovered: 2019-02-13
Type: webapps
Platform: php
This exploit / vulnerability (PilusCart 1.4.1 'send' SQL injection) is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: PilusCart 1.4.1 - 'send' SQL Vulnerability
# Dork: N/A
# Date: 10-02-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/pilus/
# Software Link: https://sourceforge.net/projects/pilus/
# Version: 1.4.1
# Category: Webapps
# Tested on: Wampp @Win
# CVE: N/A
# Software Description: PilusCart is a web-based online store management system, written in the PHP scripting language, the most popular web programming language today. To store its data, PilusCart uses the MySQL relational database management system.
# Vulnerabilities / Impact
# This web application is called PiLuS, version 1.4.1.
# Go to http://localhost/PiLUS/read-apa-itu-pdo
and fill in the fields marked in red in the screenshot I have given at this link:
https://i.hizliresim.com/MV11La.jpg
Intercept the request with Burp Suite and add the payload
to the end of the request as the attack pattern.