mooSocial Store Plugin Blind SQL Injection Vulnerability

A blind SQL injection vulnerability has been identified in the mooSocial Store Plugin version 2.6. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product parameter in the URL rewrite functionality. Exploitation of this vulnerability can lead to the extraction of sensitive database information. Attackers can use boolean-based blind, time-based blind, or stacked query techniques to exploit this issue.

Impact

Exploitation of this vulnerability allows for blind SQL injection, where an attacker can manipulate SQL queries and potentially extract sensitive information from the database.

Reproduction

To reproduce this vulnerability, send a request to a URL that includes the product parameter. Inject SQL payloads into the product parameter using boolean-based blind, time-based blind, or stacked query techniques. The injection will be processed by the application's database, allowing the attacker to manipulate the query and extract information.