CVE-2007-2549

TurnkeyWebTools SunShop <4.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2549. PoCs published by John Martinelli.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in TurnkeyWebTools SunShop Shopping Cart v4 by submitting a malformed input to the 'c' parameter in index.php. The PoC provides a simple HTML form to trigger the vulnerability, which could allow an attacker to manipulate SQL queries.

Description

SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) c or (2) quantity parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by John Martinelli · textwebappsphp

https://www.exploit-db.com/exploits/29960

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in TurnkeyWebTools SunShop Shopping Cart v4 by submitting a malformed input to the 'c' parameter in index.php. The PoC provides a simple HTML form to trigger the vulnerability, which could allow an attacker to manipulate SQL queries.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: TurnkeyWebTools SunShop Shopping Cart v4

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK