Nukeviet - Tag - g03m0n https://g03m0n.github.io/tags/nukeviet/ Nukeviet - Tag - g03m0n Hugo -- gohugo.ioen-usTue, 12 May 2026 08:31:01 +0800 Post-Auth SQL Injection in module_shops version <= 4.5.03 of nukeviet https://g03m0n.github.io/posts/nukeviet-sql-injection/ Tue, 12 May 2026 08:31:01 +0800 g03m0n https://g03m0n.github.io/posts/nukeviet-sql-injection/ Post-Auth SQL Injection in module_shops version <= 4.5.03 of nukeviet

URL / Location of vulnerability

http://<domain>/nukeviet/admin/index.php?nv=shops&op=order&order_code=&from=&to=&order_email=&order_payment=-999%20or%20sleep(3)%20--%20a&checkss=78ed08fc21971e735b01e04647bb90d8&search=Search

Description

Type Version Affected Authentication required ?-day
SQL Injection ≤ 4.5.08, module_shop <= 4.5.03 Yes 0-day

Root cause

modules\shops\admin\order.php

The data from the order_payment parameter is concatenated directly into the SQL query without validation.

This query is executed at:

Steps to reproduce

Log in with an administrator account and navigate to the Shops module:

Intercept the Search request and inject the following payload into the order_payment parameter: -999%20or%20sleep(3)%20--%20a

This payload causes the application to sleep for a total of 18 seconds (3 seconds for each of the 6 columns).

Commit

https://github.com/nukeviet/module-shops/commit/1b6d2ab792dd525ff660ecfbb848b1295cc28b19

]]>