طراحی و تولید: " ایران سامانه High Security Level SQL Injection

2017.04.07
ir Mr.0&1 (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext:"طراحی و تولید: " ایران سامانه " " intitle:آرشیو

########################## # Exploit Title: High Level SQL Injection # Google Dork: intext:"طراحی و تولید: " ایران سامانه " " intitle:آرشیو # Date: 2017-04-06 # Author: Mr.0&1 ( IR Independent Hacker ) # Software : None # Version: all # CVE : - ########################## Description: ----------------- Proof of concept : The developers of those websites and their team must've forgotten to check out the security level of each code ! As I just mentioned earlier , this type of attack is sorta High and the whole database can be dumped just by using some bypass methods . Here I provided some websites which are all vulnerable to SQL Injection . youcan dump the whole database of each website easily and if truth be known , username and password can be shown less than a second ... ( Hashes might be in SHA1 format ) so check that out .. ---------------------------------------- Demo : http://hadiesazan.ir/?category=14' http://hadiesazan.ir/product_view.php?product_id=-7' http://farsbtc.ir/language_news.php?news_id=3' ---------------------------------------- *************************************************************** Mr.0&1 IR Independent Hacker & security Researcher ) Wanna chit-chat ? o.O # My Telegram : https://t.me/GodBlessTheUnitedStatesOfAmerica 09367242182 ****************************************************************


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top