Lively cart SQL Injection vulnerability

Author: Persian-Cyber.Org , Published: 23-06-2015
##################################################################################################
#Exploit Title : Lively cart SQL Injection vulnerability
#Author : MaSTeR SmJ
#Vendor Link : http://codecanyon.net/item/livelycart-a-jquery-php-store-shop/5531393
#Date : 18/06/2015
#Home Page : Persian-Cyber.Org
##################################################################################################

////////////////////////
/// Overview:
////////////////////////


Lively cart is a shopping cart script. Its search parameter (search_query) does not filter user-supplied data, so the script is affected by an SQL injection vulnerability.

///////////////////////////////
// Vulnerability Description:
///////////////////////////////
The vulnerability is due to the search_query GET parameter.

////////////////
/// POC ////
///////////////


http://SERVER/1.2.0/product/search?search_query='
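
For anyone patching or reviewing a search handler of this kind, the following added example (not Lively cart source and not part of the original advisory) shows why a lone quote in search_query breaks a concatenated query and how a bound parameter handles the same input. The products table, its columns and both function names are assumptions, and it runs against an in-memory SQLite database.

```php
<?php
// Added illustration: table, columns and function names are assumptions,
// not Lively cart code. Runs offline against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO products (name) VALUES
           ('Blue mug'), ('O''Neill cap'), ('100% cotton shirt')");

// Unfiltered pattern: the parameter is concatenated into the SQL text, so a
// quote in the input changes the structure of the statement.
function search_unfiltered(PDO $db, string $q): array
{
    $sql = "SELECT id, name FROM products WHERE name LIKE '%" . $q . "%'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN, 1);
}

// Corrected pattern: the value travels as a bound parameter and never becomes
// part of the SQL text. LIKE wildcards are escaped with '!' so that % and _
// in the search term match literally.
function search_bound(PDO $db, string $q): array
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $q);
    $stmt = $db->prepare(
        "SELECT id, name FROM products WHERE name LIKE :p ESCAPE '!'"
    );
    $stmt->execute([':p' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1);
}

// Constructed sample inputs: a normal term, the lone quote, a LIKE wildcard.
foreach (["mug", "'", "100%"] as $input) {
    try {
        $unfiltered = json_encode(search_unfiltered($db, $input));
    } catch (PDOException $e) {
        $unfiltered = 'SQL error (input altered the statement)';
    }
    printf("%-5s unfiltered: %s | bound: %s\n",
        $input, $unfiltered, json_encode(search_bound($db, $input)));
}
```

With the bound version the lone quote is treated as an ordinary search character and matches the product whose name contains one.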


--==[[ Special TnX To ]]==--
Wike - Dr.r00t - Terr0risT - Whitetiger - CYCLONER - FasT ReaCtoR And --==[[ArK0s]]==--
<3 Persian Cyber Group <3