Sites powered by Arasism.com suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
87ec0d26bf3b2a41dd60e9c9288afdaf79105e9aa7b0c10869fa98bf2a9c9597
########################################################################################
# #
# Exploit Title : Arasism SQLi Vulnerability #
# #
# Author : Iranian Security & Research Team #
# #
# Discovered By : Ehram.shahmohamadi #
# #
# Home : sec-lab.ir #
# #
# Contact : research [at] sec-lab [dot] ir #
# #
# Portal Link : www.Arasism.Com #
# #
# Security Risk : High #
# #
# DorK : "Powered by Arasism.com" #
# #
# OR : "Designed & Powered By Hadi Farzad" #
# #
# OR : "Powered By : www.Arasism.Com" #
# #
# OR : "ØÑÇÍí æ ÇÌÑÇ : åÇÏí ÝÑÒÇÏ | íÔÇãÇä æÈ ÝÑÏÇ" #
# #
########################################################################################
# #
# Expl0iTs: #
# #
# 1: [TarGeT]/News.asp?nid=[SQLi] #
# #
# Demo : #
# #
# http://www.iritf.org.ir/eNews.asp?nid=[SQLi] #
# #
########################################################################################
# #
# We are : K0242 | Nafsh | Ehram.shahmohamadi #
# #
# Greetz : All sec-lab researchers #
# #
########################################################################################