- Price
- 15 BTC
- Contacts
- https://xss.pro/members/343437/
SERVER-SIDE PROTOTYPE POLLUTION EXPLOIT: BITMART.COM
[0-DAY] Bitmart.com Server-Side Prototype Pollution - Chain to RCE/Data Theft
Target: Top 20 Global Exchange ($300M+ daily volume)
Impact:
- Remote Code Execution on exchange backend
- Privilege escalation to super-admin
- Wallet address manipulation
- Trading balance alteration
- API key extraction from memory
Vulnerability:
- Unpatched JS deserialization flaw (Node.js backend)
- Pollution vectors: User profile endpoints + trading API
- Confirmed on production servers (api.bitmart.com/v2)
Proof:
- Video POC: Injecting malicious properties into order objects
Terms:
- XMR/BTC accepted
- Single sale only
WARNING:
Patch expected in Q4 2025 - exploit while hot.