acemedia SQL Injection

2016.02.04

Credit: Guardiran Security Team

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:طراحی توسط acemedia inurl:?id=

########################################################
# Exploit Title: acemedia SQL Injection
########################################################
# Date: [2016/2/4]
# Google Dork: intext:طراحی توسط acemedia inurl:?id=
# Exploit Author: Guardiran Security Team =>hitlrhacker
# Vendor Homepage: [http://www.acemedia.ir/]
# Software Link: [-]
# Version: All Version
# Tested on: [windows 8.1 & Google Chrome]
########################################################
# DISCRIPTION: Hello Guys.This vulnerability is SQL type
# We put ["] we can get the MySQL error
# For Example:
# [http://www.irtu.ir/index.php?id=19%22]
# GooD LucK
########################################################
# Demo:
# http://www.irtu.ir/index.php?id=19%22
# http://iasbs.ac.ir/math/dep=4%22
# http://www.naria.info/view/14.aspx?id=346%22
# http://www.ir-translate.com/PU/link/ftc_page.aspx?id=1003107%22
########################################################
# Thanks to : C0d3!Nj3ct!0N | REX | abarestan | GrYpHoN | alizombie | DeMoN | ColEctOR
# We Are Guardiran Security Team
# Discovered By:hitlrhacker
########################################################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

acemedia SQL Injection

Dork: intext:طراحی توسط acemedia inurl:?id=

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.