IKEA SQL Injection – Hello, here I will share my experience of hunting bugs on an e-commerce site in Indonesia. It started while I was browsing for reference articles for a college assignment I was working on: banners and advertisements for the IKEA.CO.ID website kept popping up, and it immediately crossed my mind to try a pentest on IKEA.CO.ID.
Proof of Concept
1. Visit the product page "https://www.ikea.co.id/in/products/".
2. Search for a product and navigate to the product page matching the search term.
3. Apply a product filter and inspect the JSON response in the browser's Network panel.
4. The filter request carries its parameters in the URL "https://www.ikea.co.id/in/products/template_reload?&q=meja&price=".
5. The price parameter looked like it had SQL injection potential: when I entered a SQL injection payload into it, the page returned database error information.
6. I tested it with sqlmap and dumped the database names with the following command (--dbms=postgresql tells sqlmap the backend is PostgreSQL, and the randomcase tamper script is used to get past request filtering; see the references below):
   ./sqlmap.py -u "https://www.ikea.co.id/in/products/template_reload?&q=meja&price=1" --random-agent -p "price" --risk=3 --level=3 --tamper=randomcase --threads=2 --text-only --no-cast --batch --dbms=postgresql --dbs
7. I got 27 database names on the system.
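To show what the error in step 5 and the dump in step 6 rest on, here is an added example, not code from the original write-up or from IKEA's site: a hypothetical reconstruction of a product filter that concatenates the price parameter straight into its SQL, beside a hardened version that validates the value and binds it as a query parameter. The table and column names, the sample rows, and the use of in-memory SQLite in place of the PostgreSQL backend are all assumptions made for the demonstration; the injection behaviour is the same on either engine.

```python
import sqlite3

# Constructed sample catalogue standing in for the site's product table.
# Table name, column names and rows are assumptions, not from the write-up.
PRODUCTS = [
    ("MEJA LACK", "meja", 99000),
    ("MEJA LINNMON", "meja", 249000),
    ("KURSI ADDE", "kursi", 129000),
]


def _connect():
    """In-memory SQLite stands in for the PostgreSQL backend (assumption)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (name TEXT, category TEXT, price INTEGER)")
    con.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return con


def filter_vulnerable(q, price):
    """Hypothetical reconstruction of the weak pattern: the `price` parameter is
    pasted into the SQL text, so it reaches the SQL parser as code.
    Returns (rows, error): a non-None error is the 'error information on page'
    that signals injection; a payload like '0 OR 1=1' silently widens the query."""
    sql = ("SELECT name FROM products WHERE category = '%s' AND price <= %s "
           "ORDER BY price" % (q, price))
    con = _connect()
    try:
        return [r[0] for r in con.execute(sql)], None
    except sqlite3.Error as e:
        return [], str(e)  # leaked DB error text


def filter_safe(q, price):
    """Hardened form: price must parse as an integer and is bound as a parameter,
    so neither a stray quote nor a boolean tail can alter the statement.
    Invalid input gets a generic message, never the database's own error."""
    try:
        price_int = int(price)
    except (TypeError, ValueError):
        return [], "invalid price"
    con = _connect()
    rows = con.execute(
        "SELECT name FROM products WHERE category = ? AND price <= ? ORDER BY price",
        (q, price_int),
    )
    return [r[0] for r in rows], None


if __name__ == "__main__":
    # A single quote breaks the vulnerable query and leaks an error; the
    # same input is simply rejected by the hardened filter.
    print(filter_vulnerable("meja", "1'"))
    print(filter_safe("meja", "1'"))
    # A boolean tail returns every product through the vulnerable path.
    print(filter_vulnerable("meja", "0 OR 1=1"))
    print(filter_safe("meja", "0 OR 1=1"))
```

The first probe in step 5 is exactly the `1'` case: a leaked parser error tells the tester the value is being interpreted as SQL, which is what sqlmap then automates with the `price` parameter. Binding the value and rejecting anything that is not a number removes both the error leak and the ability to append `OR 1=1`, `UNION` or time-based payloads.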
References:
https://medium.com/@drag0n/sqlmap-tamper-scripts-sql-injection-and-waf-bypass-c5a3f5764cb3
https://medium.com/@vardanstres/advance-sqlmap-bypass-mod-security-bypass-bdb2e8b79bc
Big Thanks To:
- Allah SWT & My Parents
- Muhammad Akbar M
- Vardan Farano
- Abdi Prawira N
Timeline:
- , 2020 – Report sent.
- Nov 20, 2020 – Bug fixing.
- Jan 29, 2021 – Reward sent ($500).

Comments:
- Good.
- Keep developing your talent, son.
- Alhamdulillah, thanks brother 🙏🏻
- Keep going, son. Once your PC is switched on, bring down the bugs on those websites.
- Hello Mr Ibnu
- Hello Mr David