SQL injection exists in the background of OpenCart

Jul 30, 2021


Affected version: (or < ?)

Suppose I have obtained the admin rights of the website backend


import file,Capture,Modify file content

Payload:INSERT INTO `opencart`.`oc_api_ip` (`api_ip_id`, `api_id`, `ip`) VALUES (5, 5, ‘123’ or updatexml(1,concat(0x7e,(version())),0) or’’);\n

If there is no error information,We may use sql time injection to achieve the effect.

Through this loophole,We can get information in the database or read the file on the computer through LOAD_FILE().

The vulnerability code is as follows