# Exploit Title: C4kurdGroup CMS SQL injection Vulnerability
# Date: 2012-04-14 [GMT +7]
# Author: BHG Security Center
# Software Link: http://www.c4kurd.com/
# Vendor Response(s): They didn't respond to the emails.
# Dork: intext:"Created by C4kurdGroup "
# Version : Full Version
# Tested on: ubuntu 11.04
# CVE : -
# Finder(s):
    - Net.Edit0r (Net.edit0r [at] att [dot] net)
    - Tak.fanar   (Tak.fanar [at] yahoo [dot] com)

-----------------------------------------------------------------------------------------
C4kurdGroup CMS SQL injection Vulnerability
-----------------------------------------------------------------------------------------

Author : BHG Security Center
Date : 2012-04-14
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
---------------------------------------------------------------------------

PoC/Exploit:
~~~~~~~~~~

------------- ( SQL injection ) ~

~ [PoC]Http://[victim]/path/filename.php?page=[SQLi]

  ~ Demo : http://www.khushkan.org/dast/khuardn.php?page=[SQLi]
  ~ Demo : http://www.bgta-krg.org/babat/hawal.php?page=[SQLi]
  ~ Demo : http://www.pdk-21.com/mezhu/archive.php?page=[SQLi]
  ~ Demo : http://www.radiogarmyan.net/hawal/archive.php?page=[SQLi]
  ~ Demo : http://www.radiogarmyan.net/hawal/archive.php?page=[SQLi]

 Important Notes:
~~~~~~~~~

- Vendor did not respond to the email as well as the phone. As thereis
not any contact form or email address in

- the website, we have used all the emails which had been found by
searching in Google such as support, info, and so on.

---------------------------------------------------------------------------
Greetz 2 : A.Cr0x | 3H34N | 4m!n | ArYaIeIrAN | Mr.XHat | NoL1m1t | G3n3Rall

Spical Th4nks: B3hz4d | Dj.TiniVini | _SENATOR_ | IrIsT And All My Friendz

[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
Greetz To : 1337day.com ~ exploit-db.com [h4ckcity tM] And All Iranian HackerZ
-------------------------------- [ EOF ] ----------------------------------