Web Design itemDesc.php site sql injection

2018.07.29

Guardiran Security Team (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: itemDesc.php?CartId=

# Exploit Title :   

 Web Design itemDesc.php site sql injection

# Exploit Author : Guardiran Security Team 

# Vendor Homepage http://mpaying.com

# Google Dork : itemDesc.php?CartId=

my team: Guardiran Security Team 

http://guardiran.org/profile/25294-rednofozi/

# category : webapps

# Tested on : Win8 , Kali Linux

me:rednofozi@yahoo.com
insta:vol.81

Proof of Concept :

search google Dork : itemDesc.php?CartId=

Demo : http://mpaying.com/checkout1.php?id=237' (sql-injection

# Discovered by : Rednofozi
 
 Long live SistanAs long as I live in my body, I defend this soilLong live Seyyed Ali Khamenei

guard iran hackers

tnx to :REX , DeMoN, C0d3!Nj3ct!0n ,Mr.Python , virtual_hate Comrade،, JOK3R ,  Ruiner , mr_null -  1TED

References:

iran

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Web Design itemDesc.php site sql injection

Dork: itemDesc.php?CartId=

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.