"طراحی و تولید: ایران سامانه" (Design and production: Iran Samaneh) High Security Level SQL Injection

Published: 2017.04.07
Credit: Mr.0&1
Risk: Medium
CWE: CWE-89
CVE: N/A
Local: No
Remote: Yes
Dork: intext:"طراحی و تولید: " ایران سامانه " " intitle:آرشیو

##########################
# Exploit Title: High Level SQL Injection
# Google Dork: intext:"طراحی و تولید: " ایران سامانه " " intitle:آرشیو
# Date: 2017-04-06
# Author: Mr.0&1 ( IR Independent Hacker )
# Software : None
# Version: all
# CVE : -
##########################

Description:

-----------------
Proof of concept :

The developers of those websites and their team must've forgotten to check out the security level of each code!
As I just mentioned earlier, this type of attack is sorta High and the whole database can be dumped just by using some bypass methods. Here I provided some websites which are all vulnerable to SQL Injection. You can dump the whole database of each website easily and, if truth be known, username and password can be shown in less than a second... (Hashes might be in SHA1 format), so check that out.

----------------------------------------
Demo :

http://hadiesazan.ir/?category=14'

http://hadiesazan.ir/product_view.php?product_id=-7'

http://farsbtc.ir/language_news.php?news_id=3'


----------------------------------------
***************************************************************

Mr.0&1 ( IR Independent Hacker & Security Researcher )

Wanna chit-chat ? o.O

# My Telegram :

https://t.me/GodBlessTheUnitedStatesOfAmerica

09367242182

****************************************************************
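
An added example, not part of the original advisory or of any affected site's code: a log check a site operator could run to spot requests shaped like the demo URLs above, where a numeric id parameter carries a non-integer value. The parameter names come from the advisory; the Common Log Format layout, the sample lines and the rule that valid ids are plain non-negative integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the advisory's demo URLs; all carry numeric ids.
ID_PARAMS = {"category", "product_id", "news_id"}
# Assumption: a legitimate id is a plain non-negative integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Assumption: access log is in Common Log Format.
REQUEST = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def suspicious_id_params(log_line):
    """Return [(client, param, value)] for id parameters that are not integers."""
    m = REQUEST.match(log_line)
    if not m:
        return []
    client, target = m.groups()
    hits = []
    # parse_qsl percent-decodes, so %27 is treated the same as a literal quote.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in ID_PARAMS and not VALID_ID.fullmatch(value):
            hits.append((client, name, value))
    return hits

def scan(lines):
    """Map client address -> list of (param, value) findings."""
    report = {}
    for line in lines:
        for client, name, value in suspicious_id_params(line):
            report.setdefault(client, []).append((name, value))
    return report

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Apr/2017:10:00:01 +0000] "GET /?category=14 HTTP/1.1" 200 5120
198.51.100.7 - - [06/Apr/2017:10:00:05 +0000] "GET /?category=14' HTTP/1.1" 500 310
198.51.100.7 - - [06/Apr/2017:10:00:09 +0000] "GET /product_view.php?product_id=-7%27 HTTP/1.1" 200 2048
192.0.2.10 - - [06/Apr/2017:10:00:12 +0000] "GET /language_news.php?news_id=3 HTTP/1.1" 200 4096
""".splitlines()

if __name__ == "__main__":
    for client, findings in scan(SAMPLE_LOG).items():
        print(client, findings)
```

Detection of this kind complements, and does not replace, binding these parameters through prepared statements in the application code.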



Copyright 2017, cxsecurity.com