surena CMS Travel SQL injection

2020.07.23

Avanter (IR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:php?id= intext:تمام حقوق مادی و معنوی این سایت متعلق به سورنا میباشد

#Exploit Title : surena CMS Travel SQL injection
#Date : 22-7-2020
#Google Dork : inurl:php?id= intext:تمام حقوق مادی و معنوی این سایت متعلق به سورنا میباشد
#Exploit Author : Avanter & ITH Team
#Vendor Homepage : http://surena3d.com
#Tested on : Windows 8
#CVEs : N/A

.:: Descreption ::.

A programming error caused a malicious file to be infected with a SQLI error

.:: PoC ::.

1 : Find Your target with Dork
2 : Find And test the Target With '
3 : Injection With SQLmap Or other softwares :)

.:: Discovered by ::.
Avanter

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

surena CMS Travel SQL injection

Dork: inurl:php?id= intext:تمام حقوق مادی و معنوی این سایت متعلق به سورنا میباشد

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.