Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1110 CNY

100%
Buy Us a Coffee

CVE-2024-21514 PoC — OpenCart 安全漏洞

Source
https://github.com/bigb0x/CVE-2024-21514
Associated Vulnerability
Title:OpenCart 安全漏洞 (CVE-2024-21514)
Description:This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.
Description
SQL Injection POC for CVE-2024-21514: Divido payment extension for OpenCart
Readme
# CVE-2024-21514 PoC and Bulk Scanner


![Banner](screens/screen.jpg)

## Overview

POC for CVE-2024-21514 : SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9

This POC is create by [M Ali](https://x.com/MohamedNab1l) and it's based on this [Security Advisory by Snyk](https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565).


## How to Use

### Minimum Requirements

- Python 3.6 or higher
- `requests` library

### Single Target Scan

To scan a single target endpoint:
```sh
python cve-2024-21514 .py -u target
```

### Bulk Target Scan
To mass scan bulk targets:
```sh
python cve-2024-21514 .py -f targets.txt
```

## Contacts
Get in touch with me if you have any questions or recomendations.


## Disclaimer

I like to create my own tools for fun and educational purposes only. I 'm releasing this tool is for educational use only. I do not support or encourage hacking or unauthorized access to any system or network. Please use this tool responsibly and only on systems where you have clear permission to test. You are responsible for any misuse.

## References

- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9
- https://nvd.nist.gov/vuln/detail/CVE-2024-21514
File Snapshot

 [4.0K]  /data/pocs/026fe43550736ab49214b16d9cb890b54fb328f5
├── [7.1K]  cve-2024-21514.py
├── [1.3K]  README.md
└── [4.0K]  screens
    └── [ 89K]  screen.jpg

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →