SQL Injection in s-cart/core
Jun 10th 2021
The keyword search in /sc_admin/currency is vulnerable to SQL injection. This allows a user to run arbitrary SQL queries and completely delete, edit, export or change all information in the database, potentially rendering the entire platform unusable.
🕵️ Proof of Concept
Log in as Admin and navigate to Localisation > Currencies.
Then insert a payload in the keyword parameter, such as:
0 or name like '%e%' or code = "
1 and sleep(0) or code = "
The vulnerable code concatenates the keyword directly into a raw WHERE clause:
$obj = $obj->whereRaw('(code = "' . $keyword . '" OR name like "%' . $keyword . '%" )');
A successful attack may result in the deletion of entire tables and, in certain cases, in the attacker gaining administrative rights to the database, writing files to the server that lead to remote code execution, or writing a script to extract data.
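The whereRaw() line above is fixed by binding the keyword instead of concatenating it into the SQL text. The following is an added example, not code from s-cart or from the original report: it uses PDO with an in-memory SQLite database, and the currency table, its rows and the helper names escapeLike and searchCurrencies are assumptions made for the demonstration.

```php
<?php
// Added example: the currency keyword filter with bound parameters instead of
// string concatenation. Table layout and rows are constructed for this demo.

function escapeLike(string $value): string
{
    // Make !, % and _ literal so the keyword cannot widen the LIKE match.
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $value);
}

function searchCurrencies(PDO $db, string $keyword): array
{
    // Same predicate as the page's whereRaw() call, but the SQL text is
    // constant and the keyword only ever travels as bound data.
    $stmt = $db->prepare(
        "SELECT code, name FROM currency
         WHERE (code = :code OR name LIKE :pattern ESCAPE '!')"
    );
    $stmt->execute([
        ':code'    => $keyword,
        ':pattern' => '%' . escapeLike($keyword) . '%',
    ]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE currency (code TEXT, name TEXT)');
$db->exec("INSERT INTO currency VALUES
    ('USD', 'US Dollar'), ('VND', 'Vietnam Dong'), ('EUR', 'Euro')");

// A normal keyword, then the two inputs from the proof of concept above.
// With binding, the latter are compared as plain strings and match nothing.
$inputs = ['USD', '0 or name like \'%e%\' or code = "', '1 and sleep(0) or code = "'];
foreach ($inputs as $keyword) {
    $rows = searchCurrencies($db, $keyword);
    printf("%-40s => %d row(s)\n", $keyword, count($rows));
}

// Equivalent fix in Laravel's query builder (bindings as the second argument):
// $obj = $obj->whereRaw('(code = ? OR name like ?)', [$keyword, '%' . $keyword . '%']);
```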