Sql injection on shopclues

Hi guys this one of the severe issue i have found on any website that runs bug bounty. Well you can say i had the whole database of a top top-not company with millions of credit card, debit card, and all kind of information which which is just enough to screw the company and its users if it would have felled into wrong hands.

Website : https://shopclues.com

During reconnaissance i found two pages (05/03/2017)

LINK: https://shopclues.com/fb_college_campus/my_page.php?id=9
LINK: https://secure.shopclues.com/fb_college_campus/my_page.php?id=7

both are same and contains the same vulnerability .

when i put single quote to check if the website vulnerable to sql injection or note i got redirected to home page. I used “No Redirect” so i can stop page redirection. As i have assumed their exist a sqli 🙂

Found vulnerable columns 5, 7, 14, 13. Now extracted the name of databases.

Extracting tables & columns

06/03/2017 : Reported

08/03/2017 : Got Fixed

Video proof of concept : https://youtu.be/dwN_dJBMCoM

Thanks for reading,

Cheers

Follow me on twitter @spidersec

Related posts

Leave a Comment

ten − 4 =