OPSTECH Thailand Gov Management System Multiple Vulnerabilities

2022.07.04
id NaughtySec (ID) id
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: OPSTECH Thailand Government Management System Multiple Attack (SQLi + Default weak password) # Google Dork: 1. intext:"Copyright © by OPSTECH All Right Reserved" site:go.th 2. USE your Brain.. # Vulnerabilty: SQL Injection + Default Weak Admin Password # Date: 2016-06-23 # Risk: High # Original Exploit Author: ./NaughtySec - Indinesia Bug Hunter # Vendor Homepage: https://www.opstechservices.com/ # Version: = all version vuln # Tested on: Kali Linux 2022.2 & Windows 11 # Tested Environment - Ubuntu Server 20.04 LTS # Attacking video : https://youtu.be/lei9XrRi4yo First found it in 2016, but after a long time and accidentally looked at the mirror again and tried the exploit again, it's still working until now Video for attacking https://youtu.be/lei9XrRi4yo Admin Login: /index.php?mod=login&path=login Default Admin password: 123456 A123456 123456900 111111 Hash MD5 https://md5decrypt.net/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top