Gigaland NFT Marketplace version 1.9 suffers from remote shell upload and ETH private key disclosure vulnerabilities.
ce98bcba1114e91aa9e9ba66766075c6356a782f55f6b972328c6840eadf1713
# Exploit Title: Gigaland NFT marketplace Shell upload and ETH private key leak
# Google Dork: N/A
# Date: 14/8/2022
# Exploit Author: Sohel Yousef https://www.linkedin.com/in/sohel-yousef-50a905189/
# Software Link: https://gigaland.io/
# Version: 1.9
# Category: webapps
1. Shell Upload
After connecting your wallet to the site, go to the edit profile section at:
localhost/artist/account
Upload your shell in PHP format; the upload is accepted with no security checks.
Your shell will be stored in this directory:
storage/artist/profile/
You can also use Inspect Element on the edit profile page to get the direct link.
2. Private key leak
This link:
localhost//resources/privateJs/transfer.js
contains the private key for the Ethereum account:
const addressFrom = receiverAddress;
const privKey = '9f09d101c +++ HIDDEN ++++++ ac7bea0db0c25d2b5a3'
async function transfer(addressto, data, history_id) {
    debugger;
    const web3js = new Web3(rpcURL);
    const contract = new web3js.eth.Contract(trabi, trcontractAddress, {});
    const nonce = await web3js.eth.getTransactionCount(addressFrom, 'latest'); // get latest nonce
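
A check a site owner can run over every JavaScript file the web server hands to browsers, to catch a signing key embedded the way the excerpt above shows. This is an added example, not part of the original advisory or of Gigaland's code; the function name scanForPrivateKeys, the name heuristic and the sample input are assumptions made for illustration.

```javascript
// Added example: flag Ethereum private keys hard-coded in browser-served JavaScript.
// secp256k1 group order; a valid private key k satisfies 1 <= k < N.
const SECP256K1_N = BigInt(
  '0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');

// A quoted literal of exactly 64 hex digits (optional 0x), with the
// identifier it is assigned to captured when there is one.
const HEX_LITERAL =
  /(?:([A-Za-z_$][\w$]*)\s*[:=]\s*)?(['"`])(?:0x)?([0-9a-fA-F]{64})\2/g;
// Hypothetical heuristic: identifier names that suggest signing material.
const KEY_NAME = /priv|secret|mnemonic|signer|key/i;

function scanForPrivateKeys(source) {
  const findings = [];
  source.split('\n').forEach((text, idx) => {
    for (const m of text.matchAll(HEX_LITERAL)) {
      const [, name = null, , hex] = m;
      const k = BigInt('0x' + hex);
      if (k === 0n || k >= SECP256K1_N) continue; // outside the valid key range
      findings.push({
        line: idx + 1,
        name,
        // 64 hex digits can also be a tx hash; the identifier decides severity.
        severity: name && KEY_NAME.test(name) ? 'high' : 'review',
        redacted: hex.slice(0, 4) + '...' + hex.slice(-4), // never log the key
      });
    }
  });
  return findings;
}

// Constructed sample modelled on the excerpt above; all values are made up.
const SAMPLE = [
  "const addressFrom = receiverAddress;",
  "const privKey = '" + '1a'.repeat(32) + "'",
  "const lastTx = '0x" + 'c3'.repeat(32) + "';",
  "const notAKey = '" + 'f'.repeat(64) + "';", // >= N, so it is ignored
].join('\n');

console.log(scanForPrivateKeys(SAMPLE));
```

Any key this check finds in a served file has already been exposed to every visitor, so it has to be rotated and the signing moved to the server side; deleting the file is not enough.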