itchiangmai SQL Injection Vulnerability

2021.11.26

indoushka (DZ)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: Power by itchiangmai

====================================================================================================================================
| # Title     : itchiangmai SQL Injection Vulnerability                                                                            |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit)                                               | 
| # Vendor    : http://www.itchiangmai.com/                                                                                        |  
| # Dork      : Power by itchiangmai                                                                                               |
====================================================================================================================================

poc :


[+] Dorking İn Google Or Other Search Enggine.

[+] http://cri.moe.go.th/newsall.php?ncat=1&nyear=2563 <====| inject here

[+] http://cri.moe.go.th/manage/ <====| Login


Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        
                                                                                                                                      |
=======================================================================================================================================

See this note in RAW Version

Vote for this issue:

100%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

MinSteRexS

| Date: 2021-11-27 09:11 CET+1

i cannot find it... 
Poc ?

indoushka

| Date: 2021-11-28 07:15 CET+1

work normally
https://www.google.com/search?q=%22Power+by+itchiangmai%22&sxsrf=AOaemvLCMk2warUIdzBUvcNpIWLJrWIMZA%3A1638083539412&ei=0yujYc3UGIHggwe2ppigDQ&ved=0ahUKEwiNiurbwLr0AhUB8OAKHTYTBtQQ4dUDCA4&uact=5&oq=%22Power+by+itchiangmai%22&gs_lcp=Cgdnd3Mtd2l6EAMyBwghEAoQoAE6BwgAEEcQsAM6CAgAEAgQBxAeOgYIABAFEB46BggAEAgQHjoICAAQBxAeEBM6CggAEAgQBxAeEBM6BAgjECc6BAgAEAo6BQgAEIAEOgYIABAHEB46CAgAEAcQChAeOgUILhCABDoHCAAQgAQQCjoHCCMQsQIQJzoHCCMQ6gIQJzoHCC4Q6gIQJzoHCCMQsAIQJ0oECEEYAFDmEVjgmAFg0p4BaBhwAXgDgAHJAogBtx2SAQgyLjI1LjEuMZgBAKABAaABArABCsgBA8ABAQ&sclient=gws-wiz

itchiangmai SQL Injection Vulnerability

Dork: Power by itchiangmai

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

itchiangmai SQL Injection Vulnerability

Dork: Power by itchiangmai

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.