i-Tech Nepal Radio CMS version 2.0 suffers from a remote SQL injection vulnerability.
d1025bd4c1202de1ad50de8a8a3ce98318bb2d479a1f19446a1bf6463fed0877
######################
# Exploit Title : i-Tech Nepal Radio CMS SQL Injection Vulnerability
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.itechnepal.com
# Google Dork : "Powered By : i-Tech Nepal" inurl:php?
# Date: 2016/04/26
# Category: [ Webapps ]
# Tested on: [Win /php ]
# Version : 2.0
######################
# Vulnerable Input(s):
# [+] al_id
# [+] id
#
# Demo:
# http://www.holyvisionradio.com/photo.php?al_id=6%27
# http://www.choicefm.org/image.php?al_id=7%27
# http://www.bhorukawafm.org/image.php?al_id=15%27
# http://www.radiodidibahini.org/image.php?al_id=1%27
# http://janakpurtoday.com.np/photo.php?id=10
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Greetz : All Persian Hack Team Members
# Homepage : persian-team.ir
######################