Smartshop SQL Injection Vulnerability

A SQL injection vulnerability has been identified in Smartshop version 1. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the 'id' parameter. Exploitation can be done by sending GET requests to 'category.php' with UNION-based SQL injection payloads, enabling attackers to extract sensitive database information such as usernames and other data.

Impact

Exploitation of this vulnerability allows for arbitrary SQL execution, which could lead to unauthorized data access or manipulation. In this case, it could be used to extract sensitive database information, including usernames.

Reproduction

The vulnerability can be reproduced by sending a GET request to 'category.php' with a crafted 'id' parameter that includes a UNION-based SQL injection payload. This payload exploits the application's SQL query handling by injecting additional SQL commands that the database will execute. The injected SQL can be used to extract data from the database, such as usernames and other sensitive information.