Edit Report

Our sensors found this exploit at:

Below is a copy:

Gigaland NFT Marketplace 1.9 Shell Upload / Key Disclosure
# Exploit Title: Gigaland NFT marketplace Shell upload and ETH private key leak 
# Google Dork: N/A
# Date: 14/8/2022
# Exploit Author: Sohel Yousef
# Software Link:
# Version: 1.9
# Category: webapps

1. Sell Upload 

after connectiong your wallet to the site go to edit profile section 
on the link
upload your shell in php format with no secuirty 
your shell well be in this direction
storage/artist/profile/ ++ you can Inspect Element the edit profile page to have the direct link 

2. Private key leak 

this link 


have the private key for the ethereum account 

const addressFrom = receiverAddress;
const privKey = '9f09d101c +++  HIDDEN ++++++ ac7bea0db0c25d2b5a3'

async function transfer(addressto, data, history_id) {

    const web3js = new Web3(rpcURL);

    const contract = new web3js.eth.Contract(trabi, trcontractAddress, {});

    const nonce = await web3js.eth.getTransactionCount(addressFrom, 'latest'); //get latest nonce

Copyright ©2023 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.