Webers CMS XSS / LFI / SQL Injection

`########################################################################  
#  
# Exploit Title: Webers CMS Multiple Vulnerability  
# Date: 2013 5 November  
# Author: Hossein Hezami ( Dr.3v1l )  
# Vendor: http://www.webers.gr  
# Version: All Version  
# Security Risk: High  
# Category: WebApps  
# Google Keywords: intext:"created by Webers" site:gr  
# Tested on: Linux  
#  
########################################################################  
#  
# [~] Exploit : XSS / SQL Injection / LFI / Path disclosure Vulnerability  
#  
# XSS : xss in product_info.php file => parametrs : lang , cPath , products_id  
#  
# http://<server>/product_info.php?cust_id=&template_id=&lang=gr[XSS]&cPath=[XSS]&template_id=website&cPath=[XSS]&from=sitemap&products_id=[XSS]  
#  
# SQL Injection : sql injection in product_info.php file => parametrs : lang , cPath , products_id  
#  
# http://<server>/product_info.php?cust_id=&template_id=&lang=gr[SQL-Injection]&cPath=[SQL-Injection]&template_id=website&cPath=[SQL-Injection]&from=sitemap&products_id=[SQL-Injection]  
#  
# LFI : lfi in product_info.php file => parametr : to  
#  
# http://<server>/product_info.php?cust_id=&template_id=&lang=en&cPath=&to=[LFI]  
#  
# And To All Parametrs have "Path disclosure" ;)  
#  
########################################################################  
#  
# [~] Demo :  
#  
# http://bofrost.gr/website/product_info.php?cust_id=&template_id=&lang=gr&cPath=&template_id=website&cPath=&from=sitemap&products_id=123  
# http://eyzein-aet.gr/website/product_info.php?cust_id=&template_id=&lang=gr&cPath=&template_id=website&cPath=&from=sitemap&products_id=123  
# http://dellarte.gr/website/product_info.php?cust_id=&template_id=&lang=en&cPath=&cPath=&from=sitemap&products_id=3  
# http://etiroll.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1  
# http://forahellas.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1  
# http://mete.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1  
# http://ktirio3.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1  
# http://e-fitnessclub.gr/website/product_info.php?cust_id=&template_id=&lang=gr&cPath=6_100_227&products_id=1578  
# http://analycon.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1  
# http://mavros.com.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=2  
# http://normabox.gr/website/product_info.php?template_id=38&lang=gr&cPath=&from=sitemap&products_id=1  
# http://fotiadis.com.gr/website/product_info.php?cust_id=&template_id=&lang=en&cPath=&cPath=&from=sitemap&products_id=2  
# http://rbt.gr/website/product_info.php?template_id=38&lang=gr&cPath=&to=homepage.php  
# http://iliosstudios.gr/website/product_info.php?cust_id=&template_id=&lang=en&cPath=&to=index.php  
# http://oaveroias.gr/website/product_info.php?cust_id=&template_id=&lang=&cPath=&cPath=-2&from=sitemap&newid=all  
#  
########################################################################  
#  
# [~] Contact Me :  
#  
# [email protected]  
# [email protected]  
# Twitter.com/Doctor_3v1l  
# IR.LinkedIN.com/in/Hossein3v1l  
#  
# http://0websecurity.ir  
# Black_Devils B0ys  
########################################################################  
`