Site designer company & sql injection

2019.03.15
ir NikbinHK (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title:Site designer company & SQlinjection # Date: 2019-03-15 # Exploit Author: Nullix Security Team | NikbinHK | Mohammad Nikbin # Vendor Homepage: PLUSNET.ir # Google Dork‌ : intext:"طراحی و برنامه نویسی شرکت داده پرداز طراحان ماندگار" inurl:?id= # Tested on: win,linux ================================================================================= [SQL injection] [+] Method ( Sql injection ) Nullix Security Team of IRan [+] parameter : pid , cat2 , maincat , id ================= Mode Hash : MD5 ================= Demo: [+] azarkandoo.com/productdetails.php?id=[SQL] parameter ======> id [+] peikesafar.ir/mobile/tours.php?cat1=81&&cat2=[SQL] parameter ======> cat2 [+] www.njk82.com/productsshow.php?pid=[SQL] parameter ======> pid ================================================================================= EMail : NikbinHK@yahoo.com Telegram ID‌ : @Orrol Telegram Channel : @NullixTM [+] TNX to ======> Nullix Team guys


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top