CVE-2024-40498 PoC — PuneethReddyHc Online Shopping System Advanced Security Vulnerability

Source
Associated Vulnerability
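Title: PuneethReddyHc Online Shopping System Advanced Security Vulnerability (CVE-2024-40498)
Description: PuneethReddyHc Online Shopping System Advanced is an open-source online shopping system by Puneeth Reddy HC, an individual developer in India. PuneethReddyHc Online Shopping System Advanced v.1.0 contains a security vulnerability caused by SQL injection; an attacker can execute arbitrary code via Register.php.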
Readme
# CVE-2024-40498
## Affected Application
- `online-shopping-system-advanced 1.0`
- https://github.com/PuneethReddyHC/online-shopping-system-advanced

## Description
The file `register.php` handles user registration. At line 117, the POST parameters `$address1` and `$address2` are unsanitized, unlike the e-mail, names and number. This leads to a SQL injection during the evaluation of the `VALUES()` statement.

To exploit the vulnerability, send a POST request to the `register.php` file, adding an `address1` POST parameter with a SQL injection payload that escapes the statement context. Alternatively, an attacker can use the `sqlmap` utility to exploit the issue automatically.
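
A hardened form of the registration insert described above, as an added example that is not code from the affected project: every field, including both address lines, is bound as a parameter to a prepared statement. The `user_info` table, its columns, the function names and the sample input are assumptions, and PDO with in-memory SQLite stands in for the application's database so the block runs offline.

```php
<?php
declare(strict_types=1);
// Added example; hypothetical schema and names, not the project's own code.

function open_db(): PDO {
    // In-memory SQLite stands in for the application's database.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user_info (
        user_id  INTEGER PRIMARY KEY AUTOINCREMENT,
        email    TEXT NOT NULL UNIQUE,
        address1 TEXT NOT NULL,
        address2 TEXT NOT NULL)');
    return $db;
}

// Input validation only; the SQL injection defence is the parameter binding below.
function clean_address(string $value, int $max = 150): string {
    $value = trim($value);
    if ($value === '' || strlen($value) > $max) {
        throw new InvalidArgumentException('address is empty or too long');
    }
    return $value;
}

function register_user(PDO $db, string $email, string $addr1, string $addr2): int {
    // Placeholders keep the VALUES() list fixed; user data never becomes SQL text.
    $stmt = $db->prepare(
        'INSERT INTO user_info (email, address1, address2) VALUES (:email, :a1, :a2)'
    );
    $stmt->execute([
        ':email' => $email,
        ':a1'    => clean_address($addr1),
        ':a2'    => clean_address($addr2),
    ]);
    return (int) $db->lastInsertId();
}

// Constructed sample input containing quote and comment characters.
$db = open_db();
$id = register_user($db, 'user@example.test', "12 O'Connor St", 'Unit 4 "Rear" -- annex');
$check = $db->prepare('SELECT address1, address2 FROM user_info WHERE user_id = ?');
$check->execute([$id]);
$row = $check->fetch(PDO::FETCH_ASSOC);
if ($row['address1'] !== "12 O'Connor St" || $row['address2'] !== 'Unit 4 "Rear" -- annex') {
    throw new RuntimeException('address was altered on the way to the database');
}
echo "addresses stored verbatim as data\n";
```

The same binding pattern applies with `mysqli` prepared statements; the point is that the address fields get the same treatment as the e-mail, names and number.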
File Snapshot

[4.0K] /data/pocs/07264303b0ff13f35499eaf4632998d087ea6fff
└── [ 683] README.md

0 directories, 1 file