CVE — https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-3110
Exploit — https://www.exploit-db.com/exploits/49410
Blind SQL injection on Prestashop version 1.7.7.0
Prestashop is an open-source e-commerce solution that can be used to run stores, either in the cloud or self-hosted.
What is blind SQLi?
Blind SQL injection arises when the application is vulnerable to SQL injection but its response does not contain any details of database errors, so the attacker has to infer results indirectly.
Types of blind SQLi:
1. Boolean-based SQLi
2. Time-based SQLi
Time-based SQLi: time-based techniques are used when there is no other way to retrieve information from the database server, because the only observable signal is how long the response takes.
So let's jump to the PoC of the time-based SQLi.
There is an id_product parameter. I first tried to balance the query, but unfortunately I didn't find anything in the response, so I then tried a time-based SQLi payload:
(1 AND (SELECT 3875 FROM (SELECT(SLEEP(5)))xoOt))
The delayed response showed that Prestashop 1.7.7.0 is vulnerable to time-based SQLi.
Vulnerable parameter or URL –
Mitigation:
1. Use prepared statements
2. Use stored procedures
3. Use character whitelisting (allow-list the input)
4. Give the application's database account least privilege
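The following is an added example written for this post, not Prestashop's own code, showing mitigations 1 and 3 on an id_product lookup: a concatenated query that lets the parameter change the SQL, beside a parameterized version and an allow-list check. The table, rows and function names are constructed for the illustration (SQLite is used, so the SLEEP() from the PoC payload is not executed here).

```python
import re
import sqlite3

# Constructed sample catalogue; not Prestashop's real schema (assumption).
_ROWS = [(1, "hoodie"), (2, "mug"), (3, "poster")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id_product INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO product VALUES (?, ?)", _ROWS)
    return conn


def lookup_vulnerable(conn, id_product):
    # String concatenation: the request parameter is parsed as SQL syntax,
    # so boolean- or time-based payloads alter the query itself.
    sql = "SELECT id_product, name FROM product WHERE id_product = " + id_product
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, id_product):
    # Mitigation 1 (prepared statement): the value is bound, never parsed as
    # SQL, so an injected payload is just a string that matches no row.
    return conn.execute(
        "SELECT id_product, name FROM product WHERE id_product = ?", (id_product,)
    ).fetchall()


def validate_id_product(value):
    # Mitigation 3 (allow-list): an id_product may only be a positive integer.
    if not re.fullmatch(r"[1-9][0-9]*", value):
        raise ValueError("id_product must be a positive integer")
    return int(value)


def lookup_safe(conn, id_product):
    # Both mitigations together: reject malformed input before it reaches
    # the database, then bind the validated integer as a parameter.
    return lookup_parameterized(conn, validate_id_product(id_product))
```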
Author — Jaimin Gondaliya