Post-Auth SQL Injection in module_shops version <= 4.5.03 of nukeviet

URL / Location of vulnerability

http://<domain>/nukeviet/admin/index.php?nv=shops&op=order&order_code=&from=&to=&order_email=&order_payment=-999%20or%20sleep(3)%20--%20a&checkss=78ed08fc21971e735b01e04647bb90d8&search=Search

Description

Type          | Version Affected                 | Authentication required | ?-day
SQL Injection | ≤ 4.5.08, module_shops ≤ 4.5.03  | Yes                     | 0-day

Root cause

modules\shops\admin\order.php

/images/nukeviet-sqli1.png

The data from the order_payment parameter is concatenated directly into the SQL query without validation.

This query is executed at:

/images/nukeviet-sqli2.png
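As an added example (not NukeViet's code and not the change in the linked commit), the hardened form of the filter described above: the order_payment value is validated and then bound as a parameter instead of being concatenated into the statement text. It uses plain PDO with an in-memory SQLite database so it runs stand-alone; the table name shops_orders, its columns, and the assumption that order_payment carries an integer payment-method id are constructed for illustration.

```php
<?php
// Added example, not NukeViet's code. Plain PDO on in-memory SQLite;
// table/column names and the integer order_payment are constructed assumptions.

function filterOrdersByPayment(PDO $db, string $orderPaymentRaw): array
{
    // Validate first: the filter is assumed to be a non-negative integer id.
    // Anything else (including the advisory's payload) is rejected before any
    // SQL text is built.
    if (!preg_match('/^\d{1,10}$/', $orderPaymentRaw)) {
        throw new InvalidArgumentException('order_payment must be a non-negative integer');
    }
    $orderPayment = (int) $orderPaymentRaw;

    // Bind the value as a parameter: it travels separately from the statement,
    // so it cannot alter the query structure even if validation were bypassed.
    $stmt = $db->prepare(
        'SELECT id, order_code, order_payment FROM shops_orders WHERE order_payment = :payment'
    );
    $stmt->bindValue(':payment', $orderPayment, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shops_orders (id INTEGER PRIMARY KEY, order_code TEXT, order_payment INTEGER)');
$db->exec("INSERT INTO shops_orders (order_code, order_payment) VALUES ('A1', 1), ('A2', 2), ('A3', 1)");

// Legitimate filter value.
print_r(filterOrdersByPayment($db, '1'));

// The advisory's payload (URL-decoded) is rejected and never reaches the database.
try {
    filterOrdersByPayment($db, '-999 or sleep(3) -- a');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The validation and the bound parameter are independent layers: the allowlist regex fails closed on unexpected input, and the prepared statement guarantees that whatever does pass is treated as data, not SQL.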

Steps to reproduce

Log in with an administrator account and navigate to the Shops module:

/images/nukeviet-sqli3.png

Intercept the Search request and inject the following payload into the order_payment parameter: -999%20or%20sleep(3)%20--%20a

This payload causes the application to sleep for a total of 18 seconds (3 seconds for each of the 6 columns).

/images/nukeviet-sqli4.png

Commit

https://github.com/nukeviet/module-shops/commit/1b6d2ab792dd525ff660ecfbb848b1295cc28b19