BluAdmin Riyan version 1 suffers from a remote SQL injection vulnerability.
3bb44f706aac53314ef5f924e5076dd3
# # # # #
# Exploit Title: BluAdmin Riyan (ver. 1) - SQL Injection
# Google Dork: inurl:"/blu_source/featured_sec.php?"
# Date: 27.03.2017
# Vendor Homepage: http://www.bludomain.com/
# Software: http://www.bludomain.com/websites/
# Demo: http://bludomaintemplates.com/riyan/#!/HOME
# Version: 1
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Matt Sheimo
# Author Web: N/A
# Author Mail : mrsheimo[@]gmail[.]com
# #
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/blu_source/featured_sec.php?sec_id=[SQL]
# http://localhost/[PATH]/blu_source/gallery.php?gal_id=[SQL]
# # # # #