header-logo
Suggest Exploit
vendor:
Ziggurat Farsi CMS
by:
Arash Saadatfar
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Ziggurat Farsi CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Ziggurat Farsi CMS SQL Injection Vulnerability

A SQL injection vulnerability was discovered in Ziggurat Farsi CMS. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter 'grp' in the 'main.asp' file. This can allow the attacker to gain access to the database and execute arbitrary code.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

Hello.
Thank You For Your Perfect Web Site.


# Title : Ziggurat Farsi CMS SQL Injection Vulnerability 
# Author: Arash Saadatfar

[~]######################################### InformatioN #############################################[~] 

[~] Title : Ziggurat Farsi CMS SQL Injection Vulnerability 
[~] Author : Arash Saadatfar

[~]######################################### ExploiT #############################################[~] 

[~] Vulnerable File : 

http://server/main.asp?id=5945&grp=[SQL Injection]


[~]######################################### FinisH :D #############################################[~]

Navigation

Suggest Exploit

Services By CQR