CVE-2020-26248 PoC — Prestashop SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-26248.yaml

Associated Vulnerability

Title:Prestashop SQL注入漏洞 (CVE-2020-26248)
Description:Prestashop是美国Prestashop公司的一套开源的电子商务解决方案。该方案提供多种支付方式、短消息提醒和商品图片缩放等功能。 PrestaShop productcomments module 4.2.1之前版本存在SQL注入漏洞，攻击者可利用该漏洞可以使用盲注入SQL来检索数据或停止MySQL服务。这个问题在模块的4.2.1中得到了解决。

Description

PrestaShop Product Comments module before version 4.2.1 contains a SQL injection vulnerability, An attacker can use a blind SQL injection to retrieve data or stop the MySQL service, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.

File Snapshot


 id: CVE-2020-26248

info:
  name: PrestaShop Product Comments <4.2.0 - SQL Injection
  author: edoar

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!