Aljyyosh Blind SQL Injection Vulnerability

2018.01.22

Iran.Anonymous (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Aljyyosh Blind SQL Injection Vulnerability
# Google Dork: N/A
# Date: 2018-01-20
# Risk: High
# Exploit Author: Iran.Anonymous
# Vendor Homepage: http://www.aljyyosh.org/
# Tested on: Windows
*******************************************
# The impact of this vulnerability

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.

Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.

# Attack details:

URL encoded POST input {password} was set to : 

if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/

*******************************************
# Thanks to : ~~> MR.Khatar || Turk.Khan || Blackwolf_Iran ||Ormazd || Sh@d0w ||Hellish_PN (mamad khodesh) ||Rabinson || Danger BoY
# Discovered By: Iran.Anonymous

References:

Iran.Anonymous

See this note in RAW Version

Vote for this issue:

90%

10%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Aljyyosh Blind SQL Injection Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.